honeypot ?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

my superior has suggested that if there are suspicious activities
going on our webserver and that patterns show that someone is trying
to hack our webserver,
we can redirect that traffic to a honeypot ( which is a mirror of our
webserveR ) as a measure to thwart the hacker attempt.
Would this be possible?? How easy is it to configure one such

Re: honeypot ?

s99999999s2003@yahoo.com says...
Quoted text here. Click to load it

No, if they are going after a site they've found, they will continue -
get a firewall that detects the attacks and auto-blocks them for XX

(Remove 999 to reply to me)

Re: honeypot ?

Leythos wrote:

Quoted text here. Click to load it

A honeypot/honeynet is simply a system/network that has been
purposefully left vulnerable...the savvy network admin is simply
dangling this carrot in front of a hacker's face in the hope that they
choose to investigate that network instead of their own.  You can read
about this ad nauseum at http://project.honeynet.org/misc/project.html .
   I think this is a labour intense means of achieving little in the way
of security. Instead, think defense in depth...use host and network IDS,
firewalls and logging.  Make sure your server sare patched and conduct
regular audits.  Unfortunately there is no simple solution to this problem.



Re: honeypot ?

Arviragus wrote:
Quoted text here. Click to load it

No wonder. Honeypots and -nets are research tools to analyse what kinds
of attacks are going on, or are being prepared. They do not protect in
real time, except possibly as a side effect.

-- Lassi

Site Timeline