[Snort-users] Re: VERY simple 'virtual' honeypot

Kerberus kerberus at ...5258...
Fri Mar 8 07:38:18 EST 2002


I would have to state that i believe the closest thing ive seen to help
building a real honeypot is either a base redhat 6.2 install with
everything running! : ) or the deception toolkit, combining both and
some coding would probably make for great forensic analysis

On Fri, 2002-03-08 at 07:26, Gideon Lenkey wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thu, 7 Mar 2002, Lance Spitzner wrote:
> 
> /* Of course this does not give you the Data Capture capabilites
> /* of a honeypot, as there is no system for the attacker to
> /* interact with.  However, this could be used to help detect
> /* scanning or probing activity.
> /*
> /* Thoughts?
> 
> NIDS systems give us plenty of scan and probe data from real production
> environments. What could we learn by getting this data from another
> source? (Thats a real question, not a statement!)
> 
> 
> - --Gideon
> 
> * Gideon J. Lenkey * PGP Key ID 0x92556BEC * pgp.mit.edu *
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.5 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE8iK37H1ef35JVa+wRAuomAKCq5K7r5lJrZNZPIeqGU6vDR+tfgACdHKSx
> 0EcTcxa7I0MXqpqKF6vSk9U=
> =/PYT
> -----END PGP SIGNATURE-----
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: honeypots-unsubscribe at ...35...
> For additional commands, e-mail: honeypots-help at ...35...
> ---------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service
> which automatically alerts you to the latest security vulnerabilities. 
> Please, see: https://alerts.securityfocus.com/
> 






More information about the Snort-users mailing list