OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: cyber cop - CyberCop Sting
From: Steve (steveSECURESOLUTIONS.ORG)
Date: Thu Jun 15 2000 - 16:39:28 CDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Preston.

I'm not sure if you have ever ran CyberCop Sting (their honeypot
solution). The product appears to be in its very early stages and
during some tests I performed today on it. It was horrible.

CyberCop Sting Faults:

        1.) Lacks an interface
        2.) Logging is horrible and disk intensive. Hope you have a lot of
time to go through horrible txt files.
        3.) While it logged a few attacks, it rated them all as 0 risk.
Obviously an oversight.

Hopefully, the product will improve in the furture as I think the
idea of honeypots is a sound one.

Regards

Steve Manzuik
Secure Solutions
www.securesolutions.org

>
> If you are considering cybercop you should really consider
> buying the entire suite. The suite includes and entire honeypot
> network which unfortunately only runs on NT (Honey pot boxes:
> Solaris boxes, NT, Cisco routers). The suite also comes with host
> based intrusion
> detection for both
> NT and Solaris (unfortunately only 2.6 right now) The scanner
> itself can run on both NT and Rethat Linux (last version I know
> they support is 5.2). The scanner "excluding freeware" products in
> my opinion is the best out on the market. The scanner comes with a
> great tool called CASL
> witch also you
> to create your own packets. Overall if you are just looking for
> a scanner,
> there are plenty of freeware scanners that can get the job done.
> If your looking for an entire suite, cybercop is the best that I
> have tried out.
>
> Preston Hogue
>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOUlNAzV9eGvIXwM6EQIe5gCg+u/CsO3NMFE90Oc1s/0ZzpEAvAIAoKzZ
hMlqlTigHYLrO1sQj8AwasbF
=Byg2
-----END PGP SIGNATURE-----