Enhancing IDS using, Tiny Honeypot

Enhancing IDS using, Tiny Honeypot (PDF, 2.65MB)
Published: 13 Nov, 2006
Created by: Richard Hammer

One of the problems encountered with network intrusion detection systems is that the logging of failed connection attempts only occurs when services are not listening on a scanned port. When a RST signal terminates a TCP connection attempt, the system never sees or logs the data payload that the remote machine was trying to send into the network. A honeypot can provide such a mechanism by completing the connection attempt and then recording the interactions between the honeypot and the machine making the connection. Being able to capture and analyze the data payload can help determine the intent of the connecting machine. It can also provide information that allows the discovery of new exploits and the construction of custom ID rules.
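The mechanism described above, as an added example that is not code from the paper or from Tiny Honeypot: a listener accepts the connection so the handshake completes, then records the first bytes the peer sends. The names `capture_once`, `demo` and `SAMPLE` and the record fields are assumptions made for this sketch, and the demo runs on loopback only.

```python
import hashlib
import json
import socket
import threading
import time

# Constructed sample input: a harmless request standing in for a scanner's first bytes.
SAMPLE = b"GET /index.html HTTP/1.0\r\n\r\n"

def capture_once(listener, timeout=3.0, max_bytes=4096):
    """Accept one connection (so the handshake completes instead of ending in a
    RST) and return a log record of what the peer sends, escaped for safe viewing."""
    conn, (src_ip, src_port) = listener.accept()
    buf = bytearray()
    with conn:
        conn.settimeout(timeout)          # never wait forever on a silent peer
        try:
            while len(buf) < max_bytes:   # cap what one peer can make us store
                data = conn.recv(max_bytes - len(buf))
                if not data:              # peer closed its side
                    break
                buf += data
        except (socket.timeout, ConnectionResetError):
            pass                          # keep whatever arrived before that
    payload = bytes(buf)
    return {
        "ts": time.time(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": listener.getsockname()[1],
        "bytes": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "payload": payload.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }

def demo():  # loopback-only run: ephemeral port, send SAMPLE, return the record
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        record = {}
        worker = threading.Thread(target=lambda: record.update(capture_once(listener)))
        worker.start()
        with socket.create_connection(listener.getsockname()) as client:
            client.sendall(SAMPLE)
        worker.join()
    return record

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The SHA-256 of the payload gives a stable key for grouping repeated probes, and the escaped payload is the material an analyst would read when writing a content-matching rule.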