Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

honeypots logo Honeypots mailing list archives

Need advice on which info do I have to expect to classify worm
From: dcneting <ansiry () tm net my>
Date: Sat, 08 May 2004 00:28:14 +0800
Im using honeyd, snort and iptables in my simple honeynet in order to catch
and classify the worms(known and unknown). And I set the logs to be
centralized in only one database. Im planning to do the classification
process autonomously. Is the information collected by those 3 tools is
enough for me to classify worms into its category? Is just looking the info
in tcp header is enough..? Suggest me if there anything I missed...:)

Thanks.

  By Date           By Thread  

Current thread:
  • Need advice on which info do I have to expect to classify worm dcneting (May 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]