Honeypots mailing list archives
Re: Question about Dynamic Honeypots.
From: Patrick Dolan <dolan () unt edu>
Date: Mon, 22 Sep 2003 12:34:19 -0500
On Monday 22 September 2003 12:52 am, Mahdi samadi wrote:
Dear Friends, I studied an article by Lance at http://www.securityfocus.com/infocus/1731 but I think that its idea does not work in some conditions. For example, I think that passive fingerprinting does not work in networks that have swiths. Do you have an idea for this situation? (ARP spoofing is one solution, but it seems that it is not a good solution.)
Assuming you meant 'switches' here, what you would need to do is mirror the inside interface on your core router, and have a monitor machine analyzing it. This way you will see all the traffic and not interfere with its flow. Like you have noticed, plugging it into the network at some random spot will mostly give you only broadcast traffic on a switched network.
I also have another question. I think that there will be another feature for future honeypot/nets: they must plug into networks and attract all anomalous/malicious traffic to themselves. At the least it must redirect the attack traffic to itself. I would be so glad to know your ideas about my notes. I await your response. Accept my greetings, Regards, --samadi
An interesting idea in theory, but in practice it wouldn't be very achievable. You can't direct all attack traffic to a specific host or network without knowing every type of attack traffic out there. In addition, some legitimate traffic looks suspicious. Moreover, you don't know what the newest exploits are going to look like until they've already hammered networks.
--
Patrick Dolan
UNT Computing and Information Technology Center
PGP ID: E5571154
Primary key fingerprint: 5681 25E4 6BE6 298E 9CF0 6F8D B13B 2456 E557 1154
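A check for the sensor placement discussed in this message, as an added example that is not part of the original thread: it classifies captured Ethernet frames to tell whether a monitor sits on a mirrored port (it sees unicast between other hosts) or on an ordinary switch port (it sees mostly broadcast/multicast). The MAC addresses, sample frames and the 0.5 threshold are constructed assumptions.

```python
import struct

def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))

def make_frame(dst, src, ethertype=0x0800):
    # Constructed Ethernet II frame: header plus 46 zero bytes of padding.
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + bytes(46)

def classify(frame, sensor):
    dst, src = frame[0:6], frame[6:12]
    if dst[0] & 0x01:                 # group bit: broadcast or multicast
        return "flooded"
    if sensor in (dst, src):          # the sensor's own conversations
        return "own"
    return "third_party"              # unicast between two other hosts

def visibility(frames, sensor_mac):
    sensor = mac_bytes(sensor_mac)
    counts = {"flooded": 0, "own": 0, "third_party": 0}
    for frame in frames:
        if len(frame) >= 14:          # skip truncated captures
            counts[classify(frame, sensor)] += 1
    return counts

def mirror_working(counts, min_ratio=0.5):
    # A switch also floods unicast to unknown MACs, so a stray third-party
    # frame proves nothing; require it to be a large share of the capture.
    # min_ratio is an assumed threshold, tune it for the monitored segment.
    total = sum(counts.values())
    return total > 0 and counts["third_party"] / total >= min_ratio

# Constructed sample data (locally administered MACs, not from the thread).
SENSOR, A, B = "02:00:00:00:00:99", "02:00:00:00:00:01", "02:00:00:00:00:02"
BCAST, MCAST = "ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:fb"
ACCESS_PORT = [make_frame(BCAST, A, 0x0806), make_frame(MCAST, B),
               make_frame(SENSOR, A), make_frame(BCAST, B, 0x0806)]
MIRROR_PORT = [make_frame(B, A), make_frame(A, B),
               make_frame(B, A), make_frame(BCAST, A, 0x0806)]

if __name__ == "__main__":
    for name, capture in (("access port", ACCESS_PORT), ("mirror port", MIRROR_PORT)):
        counts = visibility(capture, SENSOR)
        print(name, counts, "mirror working:", mirror_working(counts))
```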