Honeypots mailing list archives
RE: Honeynet Alliance Charter Question
From: Croad Christopher D Contr AFRL/IFOSS <Christopher.Croad () rl af mil>
Date: Wed, 16 Mar 2005 15:49:06 -0000
I read it like this... There are two types of sniffing, active and passive. Passive sniffing is when you just listen to data coming across the wire. If it hits your system, and you have done nothing "shifty" to make it hit your system, then the sniffing is passive. Passive to me simply means I hook in the wire and listen. If you are doing something to force or help the data to come to your system ( i.e. arp spoofing, mac flooding, system probing) then the sniffing is active. You have coerced the data to arrive at you in some way. Chris -----Original Message----- From: Adam Carlson [mailto:ajcarlson () ucdavis edu] Sent: Tuesday, March 15, 2005 3:43 PM To: honeypots () securityfocus com Subject: Honeynet Alliance Charter Question Greetings all, I was wondering if someone could explain to me the meaning and purpose of the honeynet alliance requirement 4.8 involving data capture. From this page: http://www.honeynet.org/alliance/charter.txt "4.8 Organizations that deploy honeynets and related technologies for data capture must use passive means. No active means of data capture are acceptable under the Alliance. " What types of activity would be considered "passive" data capture as opposed to "active". I see how tcpdump would be considered passive, while something like nmap would be considered active, but is there a more formal definition/description that could be used to help classify data capture methods when they aren't so obvious? Having a better understanding of the intent of this requirement might help me understand how to interpret it as well. Please let me know any thoughts you might have. Thank you for any assistance, -Adam -- Clatto Verata Nicto
Current thread:
- Honeynet Alliance Charter Question Adam Carlson (Mar 15)
- Re: Honeynet Alliance Charter Question sushant (Mar 15)
- RE: Honeynet Alliance Charter Question Christopher Cook (Mar 15)
- Re: Honeynet Alliance Charter Question Adam Carlson (Mar 16)
- Re: Honeynet Alliance Charter Question Chris Brenton (Mar 16)
- Re: Honeynet Alliance Charter Question Sushant Sinha (Mar 16)
- Re: Honeynet Alliance Charter Question Adam Carlson (Mar 16)
- Re: Honeynet Alliance Charter Question Chris Brenton (Mar 16)
- Re: Honeynet Alliance Charter Question sushant (Mar 15)
- <Possible follow-ups>
- RE: Honeynet Alliance Charter Question Croad Christopher D Contr AFRL/IFOSS (Mar 16)