Honeypots mailing list archives
RE: Honeypot/net IDS System
From: "Michael" <michael () insulin-pumpers org>
Date: Tue, 24 Feb 2004 16:27:12 -0800
After some quick thinking on the use of honeypots, I have a few things to wonder.
- If applications like SMTP are fully secured using antispam and antivirus software in front of a security-patched server, then what is the role of a honeypot in the network?
It raises the price that spammers must pay to send their junk. In the case of a winduhs based zombie, if there are enough tarpits the systems will crash and eventually (hopefully) the user will clean it up. I've seen systems stuck in our tarpits do this repeatedly as they reach their task limit and die.
- Using honeypots will only increase the traffic onto the LAN under consideration, as they attract hackers to come in.
Depends on the type of tarpit. One that simply mimics a slow SMTP server will certainly increase overall traffic. A true TCP/IP tarpit that you DO NOT ADVERTISE will trap the spammers that attempt to send stuff to your site, eliminate the traffic from the spam from your network (bandwidth) at the IP stack level as well as all the bounce traffic (x3) that rejected messages would have created.
- Honeypots can only trace out the hacker but can't identify a possible threat; unless the administrator goes through the logs, it is difficult to identify.
yep
A most helpful solution could be a honeypot working hand in hand with intrusion protection systems or NIDS. Currently, with the tool ADMMutate, NIDS are being cheated. A honeypot with NIDS can attract the hacker, and we can know his real intentions using an enhanced honeypot. I believe this would be a good combination.
It is necessary to separate the function of a honeypot. One setup exclusively to deal with spammers serves one purpose. Worm/hack honeypots serve another and the information and usefulness is very different. Those are two separate discussions. What you say above is true for worm/hack attacks but is not really applicable to spam tarpits.

Michael () Insulin-Pumpers org