Hosting Provided By

RE: Protocol Anomaly Detection IDS - Honeypots

From: Jordan K Wiens <jwiens(at)nersp.nerdc.ufl.edu>
Date: Fri Feb 21 2003 - 15:12:36 EST

The point seems to be that it's possible to be eblow-deep in someones networks with relatively 'normal' traffic the IDS won't pick up. A specifically designed web-crawler can sneak right under the radar of a typical IDS, yet it would easily be detected by a honeytoken. Slowly enumerating all users from a public LDAP directory probably won't be detected by the IDS, but a honeytoken would snag it.

-- 
Jordan Wiens
UF Network Incident Response Team
(352)392-2061

On Fri, 21 Feb 2003, Rob Shein wrote:

> Interesting notion, but with a few problems.  My idea of a honeypot was an




-----------------------------------------------------------
Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure

Received on Fri Feb 21 15:16:22 2003

This message: [ Message body ]
Next message: Rob Shein: "RE: Protocol Anomaly Detection IDS - Honeypots"
In reply to Rob Shein: "RE: Protocol Anomaly Detection IDS - Honeypots"
Next in thread: Rob Shein: "RE: Protocol Anomaly Detection IDS - Honeypots"
Reply: Rob Shein: "RE: Protocol Anomaly Detection IDS - Honeypots"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:10 EDT