Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Usefulness of low-interaction honeypots.

From: Lance Spitzner <lance () honeynet org>
Date: Sun, 7 Sep 2003 20:28:16 -0500 (CDT)
On 7 Sep 2003, Kostas K wrote:


In addition LIH will not protect your network in the way you want. 


Absolutely.  However, I think you are barking up the wrong tree.
I think low interaction honeypots make a wonderful detection
technology for your internal networks.  Deployments (such as
Honeyd or KFSensor) can make honeypots very easy to deploy, and
very effective for detection.  Deploy it on your internal network,
and if anyone interacts with the honeypots, you know you have someone
(or something) on your internal networks that is most likely naughty.
Very simple, and very effective.  Yes, the bad guys can probe the
hell out of this simple solution and potentially determine its a
honeypot.  However, by the then the honeypot has already done its 
job, your burglar alarm has detected and warned you about the bad 
guys.

Keep in mind, honeypots are nothing more then a tool. That tool
has many different applications to many different individuals
and organizations.  Traditionally, people have focused on using
honeypots on external networks, or for decoy/deception.  Honeypots
can do sooooo much more.

lance
Previous By Date Next
Previous By Thread Next

Current thread: