Hi all,
In the previous mail, sorry to misspell "snort" as "snot". Please read
it as snort.
I know how much the meaning changes to write snort as snot.
Because there is a tool named "snot" to test "snort" like IDS products.
Sorry for the inconvenience,
Best Regards,
-Ravi
Ravi wrote:
> Greetings all,
> This is my first posting to this mailing list.
> I am very much fascinated by this technology, Pls Help me how
> efficiently I can use honeyd/Honeypots.
>
> I have seen articles describing the results after evaluating honeypots
> and honeyd for production and research as well. As these honeypots
> became almost stable can we start using honeypots to benchmark other
> IPS/IDS products.
> I would like to know How well can I use honeypots to evaluate IPS/IDS
> products.
>
> I think of following scenario:
>
> Nessus-------- IPS---------Honeypot
> |
> |
> ----- snort
>
>
> Nessus will generate attacks to exploit IPS, Honeypot or Honeyd will
> receive the attacks when IPS fails to block the attacks. Snort will be
> used as packet logging and to group the attacks received to
> Honeypot/HoneyD.
> I assume this way I can evaluate IPS products.
>
> Coming to the drawbacks of such a set-up:
> - We have made assumption that HoneyPot/HoneyD is almost stable
> - The evaluation is also depending on snort capability of logging
> packets. Snort's performance to work under high loads may affect the
> evaluation
>
> I request that anyone who has evaluated any IPS products share their
> experiences and help to do so. And any idea of Nessus scripts to
> evaluate IPS.
>
> Best Regards,
> Thanks in advance,
> -Ravi
>
>
Received on Fri Dec 19 2003 - 09:55:49 PST