[Snort-users] VERY simple 'virtual' honeypot

Ryan Russell ryan at ...35...
Sat Mar 9 10:52:03 EST 2002


On Sat, 9 Mar 2002, Ofir Arkin wrote:
> In my opinion it will be missing the main point of a Honeynet.

One thing that has been gleaned from the honeypots lists is that there are
many possible reasons for running a honeypot.

>
> We all know that we can cut the foreplay pretty fast (scanning, probing)
> and hit the site with an exploit even without the scanning attempt (read
> this in the context :P). But then what? Exploit fails, not much
> information gained, and we miss the funny part.

One of which is to collect new exploits.  As you state, you don't get to
watch the attacker operate once they get a shell, but you do get to pull
the exploit off the wire.

					Ryan
