Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VERY simple 'virtual' honeypot

From: Gideon Lenkey <glenkey () infotech-nj com>
Date: Fri, 8 Mar 2002 07:26:31 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 7 Mar 2002, Lance Spitzner wrote:

/* Of course this does not give you the Data Capture capabilites
/* of a honeypot, as there is no system for the attacker to
/* interact with.  However, this could be used to help detect
/* scanning or probing activity.
/*
/* Thoughts?

NIDS systems give us plenty of scan and probe data from real production
environments. What could we learn by getting this data from another
source? (Thats a real question, not a statement!)


- --Gideon

* Gideon J. Lenkey * PGP Key ID 0x92556BEC * pgp.mit.edu *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8iK37H1ef35JVa+wRAuomAKCq5K7r5lJrZNZPIeqGU6vDR+tfgACdHKSx
0EcTcxa7I0MXqpqKF6vSk9U=
=/PYT
-----END PGP SIGNATURE-----


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: