Home page logo

honeypots logo Honeypots mailing list archives

Detection of attacks with the help of honeypots
From: Andreas Hess <hess () ee tu-berlin de>
Date: Wed, 06 Nov 2002 09:33:13 +0100


I am relatively new to the concept of honeypots, thus I've got a general
As far as I've understood the concept, honeypots could amongst other
things be used for the detection of attacks.
An attack could be identified by:

1.) communication between a remote host and the honeypot - as this is
always suspicious, as a honest person would never contact a honeypot
2.) analysing log-files of the honeypot
3.) certain reactions of a honeypot.

Are there honeypots which are capable to differentiate between regular
and irregular requests?
What happens if somebody floods a honeypot with a huge amount of regular
requests? This is a kind of attack versus the honeypot but would not
affect a real system. 
Is the current approach a mixture of the three given possibilities or
how does it work?

Thank you very much for helping!

Regards Andreas

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]