[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ids
Subject: Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: Lance Spitzner <lance () honeynet ! org>
Date: 2003-02-23 19:24:20
[Download RAW message or body]
On 22 Feb 2003, Frank Knobbe wrote:
> 'bleed' this method into others. The primary goal of a honeypot is to
> look vulnerable and to lure hackers to exploiting it.
This thread most likely should be moved to the honeypots list, as such
this will be my last follow up. However, I just wanted to state that
I would have to disagree the above statement. A honeypot is a highly
flexible tool with a variety of different applications to security
(prevention, detection, research, etc). Its primary goal is whatever
you are attempting to achieve.
For example, LaBrea is an excellent example of a honeypot that
can slow down or prevent automated attacks. Honeyd is an example of how
a honeypot can used for detection. Both work my not luring, but by
monitoring unused IP space. The new bait-n-switch honeypot works not
by luring, but by detecting attacks, then redirecting them against a
honeypot, excellent for information gathering or research. Honeypots
are extremely flexible and can be used for many different primary
goals, one of which I feel is detection.
To be honest, I think the security community has only begun to
tap into the full potential of honeypot technologies.
lance
-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic