Honeypots mailing list archives

RE: deploying honeypots...


From: cyb3rh3b () kecoak or id
Date: Sat, 20 Aug 2005 20:08:08 +0700

Quoting "Connell, Graeme S" <gconnell () middlebury edu>:

Rasyid,

  The first question is a very good one, and, as with most good questions,
there really isn't a good answer.  If you're looking at how old exploits are
used against unpatched systems, then by all means use older versions of
operating systems and hardware.  However, if you're looking at what attacks
are used against fully-hardened systems, update all your patches and programs
before deploying the honeynet.  Generally, I like to use stuff that's a few
months to a year old, with a few known exploits.

Hm... OK, I've decided to use a default OS with no patches then :). Thanks...


   Regarding your second question, I'm not entirely sure how you're planning
on using neural networks within your honeynet.  Are you examining traffic and
attempting to determine when an attack occurs?  If so, a honeynet may not be
the best place to train the network, since ALL traffic within a honeynet is
attack traffic (no baseline).  Could you be more specific as to exactly what
part your neural network will play in the honeynet?

        --Graeme Connell

The neural network will take the action needed based on the traffic it reads and
decide if that new traffic is dangerous to the system; if so, it will disconnect
the connection (well... that's one of the actions that will be taken).



Rasyid

