|
IDS
mailing list archives
Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: Lance Spitzner <lance () honeynet org>
Date: Sun, 23 Feb 2003 13:24:20 -0600 (CST)
On 22 Feb 2003, Frank Knobbe wrote:
'bleed' this method into others. The primary goal of a honeypot is to
look vulnerable and to lure hackers to exploiting it.
This thread most likely should be moved to the honeypots list, as such
this will be my last follow up. However, I just wanted to state that
I would have to disagree the above statement. A honeypot is a highly
flexible tool with a variety of different applications to security
(prevention, detection, research, etc). Its primary goal is whatever
you are attempting to achieve.
For example, LaBrea is an excellent example of a honeypot that
can slow down or prevent automated attacks. Honeyd is an example of how
a honeypot can used for detection. Both work my not luring, but by
monitoring unused IP space. The new bait-n-switch honeypot works not
by luring, but by detecting attacks, then redirecting them against a
honeypot, excellent for information gathering or research. Honeypots
are extremely flexible and can be used for many different primary
goals, one of which I feel is detection.
To be honest, I think the security community has only begun to
tap into the full potential of honeypot technologies.
lance
-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>
 By Date 
By Thread
Current thread:
- Re: RES: Protocol Anomaly Detection IDS - Honeypots, (continued)
|
Intro
