Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: VERY simple 'virtual' honeypot

From: Ryan Russell <ryan () securityfocus com>
Date: Sat, 9 Mar 2002 11:47:53 -0700 (MST)
On Sat, 9 Mar 2002, Ofir Arkin wrote:

In my opinion it will be missing the main point of a Honeynet.


One that that has been gleaned from the honeypots lists is that there are
many possible reasons for running a honeypot.



We all know that we can cut the foreplay pretty fast (scanning, probing)
and hit the site with an exploit even without the scanning attempt (read
this in the context :P). But than what? Exploit fails, not much
information gained, and we miss the funny part.


One of which is to collect new exploits.  As you state, you don't get to
watch the attacker operate once they get a shell, but you do get to pull
the exploit off the wire.

                                        Ryan


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: