Re: Honeypots, what is their limits for intrusion detection?

Thu, 02 Jul 2009 13:31:03 -0700 

Tomas,
From a misuse detection pov it will obiviously alert you on potential attacks to a honeypot. But any and all traffic destined to a honeynet (pot) should be deemed suspicious or malicious as there is no legitimate reason for communication between these hosts and others. This could also serve as an early warning system since all trafic is suspicious at the very least. 


A honeypot(net) are also not productional systems so their downtime  
for analysis is not problem and this is where the true value comes in.  
An IDS can't tell you if successful or not just that it saw something  
with ful blown access such detrmination can be made on top of method,  
tools and what they did once they got in, etc...



A great use-case. There was a worm released with no A/V or IDS covrage  
that was discovered through the traffic generated towards the honeynet.


Hope that helps,

----
Sent from my iPhone

On Jul 1, 2009, at 4:18 AM, Tomas Olsson <[email protected]> wrote:


Hi,

I have a newbie question related to intrusion detection. It was  
suggested to me that Honeypots only catches automated attacks, is  
that true? How can we know which attacks are not caught? Is there  
any papers on what sort of attacks are caught by using honeypots?


Regards
Tomas


-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.

A guide to understanding SSL certificates, how they operate and  
their application. By making use of an SSL certificate on your web  
server, you can securely collect sensitive information online, and  
increase business by giving your customers confidence that their  
transactions are safe.

http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194




-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their 
application. By making use of an SSL certificate on your web server, you can 
securely collect sensitive information online, and increase business by giving 
your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
























					Reply via email to