Honeypots mailing list archives

RE: [inbox] Re: Usefulness of low-interaction honeypots.


From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 8 Sep 2003 11:07:47 -0500

At our site we do use both IDS and a honeynet.  It greatly cuts down on
time-consuming snort log analysis.  With a 128 subnet dedicated to a
no-interaction honeynet and running snort on it through an old hub, any
traffic at all is certain to be suspicious and likely to be malicious.  It
is our soft underbelly and the proverbial miner's canary.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Senior Systems Engineer
Information Security Engineer
DP Solutions
936.637.7977 ext. 121

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


-----Original Message-----
From: raymond [mailto:ip_raymond () yahoo com]
Sent: Monday, September 08, 2003 8:40 AM
To: Kostas K; honeypots () securityfocus com
Subject: [inbox] Re: Usefulness of low-interaction honeypots.



--- Kostas K <acezerocool () yahoo com> wrote:
In-Reply-To:
<Pine.LNX.4.44.0309072022340.18729-100000 () marge spitzner net>

Hi Kostas,

Why don't we use both IDS and Honeypot together? As a
matter of fact, given the traffic loading and
correction of events, would it be easier for the
administrator to do the cross-validation with both
tools?

regards, Raymond.
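
As an added illustration of the combined IDS and honeynet approach discussed in this thread (not code from either poster): since any traffic to the dedicated honeynet range is suspect, sources seen there can be used to rank IDS alerts from the production network. The range 192.0.2.128/25, the record layouts and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the honeynet's unused range; 192.0.2.128/25 is a documentation prefix.
HONEYNET = ipaddress.ip_network("192.0.2.128/25")

# Constructed sample records: (timestamp, src, dst, dst_port) seen by the honeynet sensor.
HONEYNET_FLOWS = [
    ("2003-09-08T10:01:02", "198.51.100.7", "192.0.2.130", 445),
    ("2003-09-08T10:01:03", "198.51.100.7", "192.0.2.131", 445),
    ("2003-09-08T10:05:40", "203.0.113.9", "192.0.2.200", 80),
    ("2003-09-08T10:06:00", "203.0.113.50", "192.0.2.10", 22),  # outside the /25, ignored
]
# Constructed IDS alerts from the production segment: (timestamp, src, dst, signature).
IDS_ALERTS = [
    ("2003-09-08T10:02:10", "198.51.100.7", "192.0.2.20", "SMB probe"),
    ("2003-09-08T10:03:00", "192.0.2.33", "192.0.2.21", "ICMP ping"),
    ("2003-09-08T10:07:15", "203.0.113.9", "192.0.2.25", "HTTP traversal attempt"),
]

def honeynet_sources(flows, net=HONEYNET):
    """Map each source to the set of (dst, port) pairs it touched inside the honeynet."""
    touched = defaultdict(set)
    for _ts, src, dst, port in flows:
        if ipaddress.ip_address(dst) in net:
            touched[src].add((dst, port))
    return dict(touched)

def triage(alerts, flows, net=HONEYNET):
    """Split IDS alerts into those whose source also touched the honeynet and the rest."""
    seen = honeynet_sources(flows, net)
    corroborated, uncorroborated = [], []
    for alert in alerts:
        (corroborated if alert[1] in seen else uncorroborated).append(alert)
    # Sources that touched the most honeynet targets come first (wider sweeps rank higher).
    corroborated.sort(key=lambda a: (-len(seen[a[1]]), a[0]))
    return corroborated, uncorroborated

if __name__ == "__main__":
    hot, rest = triage(IDS_ALERTS, HONEYNET_FLOWS)
    for ts, src, dst, sig in hot:
        print(f"REVIEW FIRST {ts} {src} -> {dst} {sig}")
    print(f"{len(rest)} alert(s) without honeynet corroboration")
```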


