On Sat, 9 Mar 2002, Ofir Arkin wrote:
> In my opinion it will be missing the main point of a Honeynet.

One that that has been gleaned from the honeypots lists is that there are
many possible reasons for running a honeypot.

>
> We all know that we can cut the foreplay pretty fast (scanning, probing)
> and hit the site with an exploit even without the scanning attempt (read
> this in the context :P). But than what? Exploit fails, not much
> information gained, and we miss the funny part.

One of which is to collect new exploits. As you state, you don't get to
watch the attacker operate once they get a shell, but you do get to pull
the exploit off the wire.

                                        Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: honeypots-unsubscribesecurityfocus.com
For additional commands, e-mail: honeypots-helpsecurityfocus.com
---------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service
which automatically alerts you to the latest security vulnerabilities.
Please, see: https://alerts.securityfocus.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]