Honeypots mailing list archives

RE: Dynamic honeypots question??

From: "Charles Strasburger" <charles.strasburger () cybershieldnetworks com>
Date: Mon, 29 Sep 2003 14:44:10 -0400

In a word..(or two)..."not possible".  And this is ONE of the inherent
problems with this HP/HN technology.  Similar to sigs, patterns, strings,
anomalies, etc...inherent problems...  But that is going to change...

Soon...

C

-----Original Message-----
From: Kostas K [mailto:acezerocool () yahoo com]
Sent: Sunday, September 28, 2003 9:06 AM
To: honeypots () securityfocus com
Subject: Dynamic honeypots question??




Hi list

I' ve read the article on dynamic honeypots. It sounds very exciting and if
it is as applicable as it's described then it seems that maybe we in front
of a new era.
But i would like to ask something:
Since the honeypot will provide a plug-n-play solution by using passive
OS fingerprinting analysis etc how can we be so sure that during this
process the attacker won't interfere with it, realise that the machine
he/she attacks is a honeypot. Furthemore how feasible would be to build this
network while being offline?


Regards

Kostas
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.521 / Virus Database: 319 - Release Date: 9/23/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.521 / Virus Database: 319 - Release Date: 9/23/2003

Current thread:

Dynamic honeypots question?? Kostas K (Sep 28)
- Re: Dynamic honeypots question?? Valdis . Kletnieks (Sep 29)
- RE: Dynamic honeypots question?? Charles Strasburger (Sep 29)
- <Possible follow-ups>
- Re: Dynamic honeypots question?? Kostas K (Sep 30)