Detection of attacks with the help of honeypots
From: Andreas Hess <hess () ee tu-berlin de>
Date: Wed, 06 Nov 2002 09:33:13 +0100
I am relatively new to the concept of honeypots, thus I've got a general
As far as I've understood the concept, honeypots could amongst other
things be used for the detection of attacks.
An attack could be identified by:
1.) communication between a remote host and the honeypot - as this is
always suspicious, as an honest person would never contact a honeypot
2.) analysing log-files of the honeypot
3.) certain reactions of a honeypot.
Are there honeypots which are capable of differentiating between regular
and irregular requests?
What happens if somebody floods a honeypot with a huge amount of regular
requests? This is a kind of attack versus the honeypot but would not
affect a real system.
Is the current approach a mixture of the three given possibilities or
how does it work?
Thank you very much for helping!
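
An added illustration of points 1 and 2 of the post above (not part of the original message, and not the code of any particular honeypot): because a honeypot has no legitimate users, every logged contact is reported, and a per-source sliding-window count separates an occasional probe from a flood of requests. The log format, the addresses, the window and the threshold are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: ISO timestamp, source IP, port.
SAMPLE_LOG = """\
2002-11-06T09:00:00 198.51.100.7 22
2002-11-06T09:00:01 192.0.2.10 80
2002-11-06T09:00:02 192.0.2.10 80
2002-11-06T09:00:03 192.0.2.10 80
2002-11-06T09:00:04 192.0.2.10 80
2002-11-06T09:00:05 192.0.2.10 80
2002-11-06T09:00:06 192.0.2.10 80
2002-11-06T09:05:00 203.0.113.5 23
garbled line
2002-11-06T09:30:00 203.0.113.5 23
"""

def parse(line):
    """Split one log line into (timestamp, source, port); raises ValueError if malformed."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)

def analyse(log_text, window=timedelta(seconds=10), flood_threshold=5):
    """Return (contacts, flooders).

    contacts: every source that touched the honeypot, with its request count
              (point 1: any contact is suspicious).
    flooders: sources that sent at least flood_threshold requests within window
              (the flood case, found by analysing the log as in point 2).
    """
    contacts = defaultdict(int)
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flooders = set()
    for line in log_text.splitlines():
        try:
            ts, src, _port = parse(line)
        except ValueError:
            continue              # skip blank or malformed lines instead of aborting
        contacts[src] += 1
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()        # drop requests that fell out of the window
        if len(seen) >= flood_threshold:
            flooders.add(src)
    return dict(contacts), flooders

if __name__ == "__main__":
    contacts, flooders = analyse(SAMPLE_LOG)
    for src, count in sorted(contacts.items()):
        label = "FLOOD" if src in flooders else "contact"
        print(f"{src:15} {count:3} requests  {label}")
```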