|
Honeypots
mailing list archives
RE: Does it really take so long to get a bite?
From: "Andrew Hintz \(Drew\)" <drew () overt org>
Date: Mon, 9 Dec 2002 19:12:14 -0600
From: Anton A. Chuvakin [mailto:anton () chuvakin org]
And it got me thinking again of how it might depend upon the IP address.
Would it not make sense to try to compare scans for the same service for
various honeypots running on different IPs? The question is how to make
the comparison without disclosing the honeypot IP address?
The Internet Storm Center <http://isc.incidents.org/> does analyses similar
to what you're probably thinking of. They already have tons of sensors out
in the wild and have been gathering useful data for quite some time. Check
it out; it's a really good resource.
HTH,
--
^Drew
http://guh.nu
--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--
 By Date 
By Thread
Current thread:
| 
Intro
