Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > IDS-list> 1999-q4

IDS Archives: Re: IDS: RE: Honey pots / decoy servers

Re: IDS: RE: Honey pots / decoy servers

The Roesch's (roeschclark.net)
Thu, 26 Aug 1999 23:06:03 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Matt Lemsing: "IDS: intruder detection tools - detecting when someone is port scannin g your stsrems..?"
Previous message: Amit Kaushal: "IDS: ODI/NDIS mapper 2.0"

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

--- John Evdemon wrote: > > Isn't there a potential danger to using honey-pots? > > For example, what if the cracker realizes s/he is "in" a honey-pot and starts > causing some real damage as a retailiation??

I'd say no more or less than an attacker realizing that they have been detected by any intrusion detection technology. The smart hacker should stop transmitting traffic at the point he realizes he has been detected, or if he has the means, try to cover up the fact/destroy evidence. In general there's no sense giving the target any more information, so the best policy for the attacker is to leave immediately.

-Marty

--
Martin Roesch
roeschclark.net
http://www.clark.net/~roesch

Next message: Matt Lemsing: "IDS: intruder detection tools - detecting when someone is port scannin g your stsrems..?"
Previous message: Amit Kaushal: "IDS: ODI/NDIS mapper 2.0"

This archive was generated by hypermail 2.0b3 on Fri Aug 27 1999 - 11:11:09 CDT