Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Honeypots: Detection of attacks with the help of honeypots

Detection of attacks with the help of honeypots

From: Andreas Hess <hess_at_ee.tu-berlin.de>
Date: Wed, 06 Nov 2002 09:33:13 +0100

Hi,

I am relatively new to the concept of honeypots, thus I've got a general
question.
As far as I've understood the concept, honeypots could amongst other
things be used for the detection of attacks.
An attack could be identified by:

1.) communication between a remote host and the honeypot - as this is
always suspicious, as a honest person would never contact a honeypot
2.) analysing log-files of the honeypot
3.) certain reactions of a honeypot.

Are there honeypots which are capable to differentiate between regular
and irregular requests?
What happens if somebody floods a honeypot with a huge amount of regular
requests? This is a kind of attack versus the honeypot but would not
affect a real system.
Is the current approach a mixture of the three given possibilities or
how does it work?

Thank you very much for helping!

Regards Andreas
Received on Nov 06 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]