[Snort-users] Re: VERY simple 'virtual' honeypot

Gideon Lenkey glenkey at ...970...
Fri Mar 8 04:28:02 EST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 7 Mar 2002, Lance Spitzner wrote:

/* Of course this does not give you the Data Capture capabilities
/* of a honeypot, as there is no system for the attacker to
/* interact with.  However, this could be used to help detect
/* scanning or probing activity.
/*
/* Thoughts?

NIDS systems give us plenty of scan and probe data from real production
environments. What could we learn by getting this data from another
source? (That's a real question, not a statement!)


- --Gideon

* Gideon J. Lenkey * PGP Key ID 0x92556BEC * pgp.mit.edu *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8iK37H1ef35JVa+wRAuomAKCq5K7r5lJrZNZPIeqGU6vDR+tfgACdHKSx
0EcTcxa7I0MXqpqKF6vSk9U=
=/PYT
-----END PGP SIGNATURE-----




