Snort mailing list archives
Re: RE: VERY simple 'virtual' honeypot
From: Ashley Thomas <athomas () unity ncsu edu>
Date: Fri, 8 Mar 2002 15:06:09 -0500 (EST)
Yes. Why i made that statement is: - allows for finger-printing as you said. - that might be an area which can be attacked by the Attacker. (if he knows IDS is going to respond to such and such packets, he can just flood some spoofed packets to those ip/port and IDS will be busy sending out response.) -ashley On Fri, 8 Mar 2002, Ryan Russell wrote:
On Fri, 8 Mar 2002, Ashley Thomas wrote:I would think that it is best if the IDS remains in the stealth mode without doing anything "active"I agree. Any response allows for fingerprinting, and potentially being able to identify the IDS. If I were trying to evade an IDS, the first thing I would want to know is which one I'm dealing with. Ryan
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: VERY simple 'virtual' honeypot, (continued)
- Re: VERY simple 'virtual' honeypot Fyodor (Mar 09)
- RE: VERY simple 'virtual' honeypot Dan Hollis (Mar 09)
- RE: VERY simple 'virtual' honeypot Ryan Russell (Mar 09)
- RE: VERY simple 'virtual' honeypot Ofir Arkin (Mar 09)
- RE: VERY simple 'virtual' honeypot Ryan Russell (Mar 09)
- RE: VERY simple 'virtual' honeypot Earthlink (Mar 09)
- RE: VERY simple 'virtual' honeypot Alex Collins (Mar 08)
- RE: VERY simple 'virtual' honeypot Michael Clark (Mar 08)
- Re: RE: VERY simple 'virtual' honeypot Ashley Thomas (Mar 08)
- Re: RE: VERY simple 'virtual' honeypot Ryan Russell (Mar 08)
- Re: RE: VERY simple 'virtual' honeypot Ashley Thomas (Mar 08)
- Re: RE: VERY simple 'virtual' honeypot Frank Knobbe (Mar 08)
- Re: VERY simple 'virtual' honeypot Rob Thomas (Mar 08)