[Snort-users] VERY simple 'virtual' honeypot
ryan at ...35...
Sat Mar 9 10:52:03 EST 2002
On Sat, 9 Mar 2002, Ofir Arkin wrote:
> In my opinion it will be missing the main point of a Honeynet.
One that that has been gleaned from the honeypots lists is that there are
many possible reasons for running a honeypot.
> We all know that we can cut the foreplay pretty fast (scanning, probing)
> and hit the site with an exploit even without the scanning attempt (read
> this in the context :P). But than what? Exploit fails, not much
> information gained, and we miss the funny part.
One of which is to collect new exploits. As you state, you don't get to
watch the attacker operate once they get a shell, but you do get to pull
the exploit off the wire.
More information about the Snort-users