Snort mailing list archives

Re: VERY simple 'virtual' honeypot

From: Kerberus <kerberus () microbsd net>
Date: 08 Mar 2002 11:35:13 -0500

I would have to state that i believe the closest thing ive seen to help
building a real honeypot is either a base redhat 6.2 install with
everything running! : ) or the deception toolkit, combining both and
some coding would probably make for great forensic analysis

On Fri, 2002-03-08 at 07:26, Gideon Lenkey wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 7 Mar 2002, Lance Spitzner wrote:

/* Of course this does not give you the Data Capture capabilites
/* of a honeypot, as there is no system for the attacker to
/* interact with.  However, this could be used to help detect
/* scanning or probing activity.
/*
/* Thoughts?

NIDS systems give us plenty of scan and probe data from real production
environments. What could we learn by getting this data from another
source? (Thats a real question, not a statement!)


- --Gideon

* Gideon J. Lenkey * PGP Key ID 0x92556BEC * pgp.mit.edu *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8iK37H1ef35JVa+wRAuomAKCq5K7r5lJrZNZPIeqGU6vDR+tfgACdHKSx
0EcTcxa7I0MXqpqKF6vSk9U=
=/PYT
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
To unsubscribe, e-mail: honeypots-unsubscribe () securityfocus com
For additional commands, e-mail: honeypots-help () securityfocus com
---------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service
which automatically alerts you to the latest security vulnerabilities. 
Please, see: https://alerts.securityfocus.com/




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: VERY simple 'virtual' honeypot, (continued)
- - - Re: VERY simple 'virtual' honeypot Kurt Seifried (Mar 07)
  - Re: VERY simple 'virtual' honeypot David Watson (Mar 08)
  - Re: VERY simple 'virtual' honeypot nfudd (Mar 08)
- Re: VERY simple 'virtual' honeypot Brian Caswell (Mar 07)
  - RE: Re: VERY simple 'virtual' honeypot Chris Grout (Mar 07)
- Re: VERY simple 'virtual' honeypot Ian O'Brien (Mar 07)
- Re: VERY simple 'virtual' honeypot Glenn Forbes Fleming Larratt (Mar 07)
- Re: VERY simple 'virtual' honeypot Jim Forster (Mar 07)
- Re: VERY simple 'virtual' honeypot John Kinsella (Mar 07)
- Re: VERY simple 'virtual' honeypot Gideon Lenkey (Mar 08)
  - Re: VERY simple 'virtual' honeypot Kerberus (Mar 08)
- RE: VERY simple 'virtual' honeypot Rick Francis (Mar 08)
- Re: VERY simple 'virtual' honeypot Edward Balas (Mar 08)
- Re: VERY simple 'virtual' honeypot Frank Knobbe (Mar 08)
- Re: VERY simple 'virtual' honeypot Frank Knobbe (Mar 08)
- Re: VERY simple 'virtual' honeypot James Hoagland (Mar 08)
- Re: VERY simple 'virtual' honeypot George Bakos (Mar 08)
- Re: VERY simple 'virtual' honeypot Martin Roesch (Mar 08)
  - Re: VERY simple 'virtual' honeypot Jason Robertson (Mar 09)
- RE: VERY simple 'virtual' honeypot Ofir Arkin (Mar 09)
  - Re: VERY simple 'virtual' honeypot Fyodor (Mar 09)

(Thread continues...)