Honeypots mailing list archives
Re: Honeypot/net IDS System
From: Valdis.Kletnieks () vt edu
Date: Tue, 24 Feb 2004 22:39:58 -0500
On Tue, 24 Feb 2004 22:27:49 +0530, ravivsn () roc co in said:
> - honeypots can only trace out the hacker but it can't identify a possible threat, unless administrator goes through the logs it is difficult to identify.
The same is true for firewalls and application servers as well. You can syslog all you want, but it's pointless if there's nobody reviewing the logfiles. Want to make guesses how many times I've run into people who install firewalls and then *don't even know* that the firewall keeps logs? :)

Remember - firewalls aren't a protection device, they're a detection device. If somebody wants "in" badly enough, they *will* find a way around it (find an unsecured modem port inside, social engineer a few hours in an empty cubicle, etc). So if you're not paying attention to the "somebody wants in" warning signs, you're a sitting duck....

And the same exact thing goes for honeypots - if you're not paying attention to what it's telling you, do the world a favor and do your part to slow down global warming by unplugging the box. :)