WhyNot?

Honeypot feedback/automation

Category: Software
Responses: 1 (1 in support, 0 neutral, 0 in opposition)
Number of views: 959
Tracking: Track this idea
Community Rating:Average AverageYour Rating:

Obvious, but I'll mention it anyway...

Information gathered by a honeypot (or another system monitoring a honeypot or comms to/from a honeypot) can be used to initiate/control/inform security operations on another machine/virtual machine/network.

For instance, an attempt to access a honeypot could lead to the immediate blacklisting of the attackers IP address across all sites of an organization (involving multiple gateways/firewalls).Also, humans can be informed to mitigate false positives (the proof is always surpassed by the fool).

Another example is the use of a virtual honeypot to trigger the automatic forensic examination of the machine which contacts the honeypot. If this machine is within a controlled network, the traffic to/from the suspect machine can also be analysed.

nihil, Mar 05 2007

What do you think of this idea or comment?
(You can change your vote at any time)

agree I agree no opinion No opinion disagree I disagree

Users who liked this idea also liked:

Better Brake Light (446 votes) Very strong
Aerial pictures in flight (218 votes) Very strong
GPS and Digital Photos (173 votes) Very strong
Ending the war on drugs (247 votes) Very strong
LED street lights (12 votes) Very strong
Ubiquitous virtual honeypots (7 votes) Strong
Bubble Wrap – Pop and Smell (9 votes) Strong
Compiler Security Optimization (4 votes) Average
accelerometer as joystick/mous (3 votes) Average
Hot Chocolate Icecream (2 votes) Average

Other ideas in category (Software):

Salty encryption (1 votes) Average
mute a web page (11 votes) Strong
Distributed set with bittorren (1 votes) Average
Text VoIP (1 votes) Average
Economics Simulation (9 votes) Strong
Invention Management Software (3 votes) Average
Attachment Notation (137 votes) Very strong
Fight Recognition Software (3 votes) Average
Make Photo Slideshow yourself (2 votes) Average
Studying leaf patterns (3 votes) Average
Encryption (3 votes) Weak
Searching for images (6 votes) Average
Compiler Security Optimization (4 votes) Average
Vector Datatype (3 votes) Weak
LIP-C (1 votes) Average
Spell checker collector (2 votes) Average
Cascading search (3 votes) Average
Software Formula for 2000 Years (3 votes) Weak
Triangular Pixels (4 votes) Average
Forwarding sent email message (5 votes) Average
Organise the Start menu (6 votes) Average
Simple Shared Key Setup (1 votes) Average
DDR-style piano software (4 votes) Average
root means suid (2 votes) Average
Scorchware (2 votes) Average
Six Degrees of Computation (2 votes) Average
X-drive ==> 2 physical drives (3 votes) Average
Fast parallel secure hashing (1 votes) Average
Standardized EULA (2 votes) Average
Description field for email (3 votes) Average
Honeypot feedback/automation (1 votes) Average
Audio bass and treble (3 votes) Average
Extension that highlights tags (1 votes) Average
Upper-lower case (2 votes) Average
New image file format (2 votes) Average
dual scroll bars (6 votes) Average
Tabbed Working (3 votes) Average
Temporary file highlight (5 votes) Strong
Better Search Engine Links (2 votes) Average
Smarter Programming (5 votes) Strong
Linux Distro for Business (2 votes) Average
File multiple rev eliminator (3 votes) Average
Mech. Design Software (2 votes) Average
Checking email addresses (3 votes) Average
Why Powerpoint? Be nonlinear (6 votes) Strong
Chat with iTunes Listeners (3 votes) Average
Ebay database (2 votes) Average
Encrypts the whole OS (2 votes) Average
Wind offset for car (3 votes) Weak
Collaborative License Rating (4 votes) Average
Multiscopic image modeler (2 votes) Average
Simple fix for posting here (1 votes) Average
Torrent-based podcasting (2 votes) Average
Browser Preloads Next Page (4 votes) Average
Officepets (3 votes) Average
Self Authentication & Decryptn (1 votes) Average
Ductile disk encryption (2 votes) Average
Printing Cost per Page (2 votes) Average
Community Font Classification (1 votes) Average
Ubiquitous virtual honeypots (7 votes) Strong
MS Outlook spouses (1 votes) Average
MS Outlook Contacts updates (1 votes) Average
One card for the wallet (12 votes) Strong
Camera as A4 Scanner (6 votes) Strong
Ogg/PCM (3 votes) Average
Keyboard equivalents (1 votes) Average
OS for visually impaired (4 votes) Average
Window Size Limiter (1 votes) Average
Print Police (1 votes) Average
MS Outlook Highlighter (1 votes) Average
Eye-Tracking Video Drivers (2 votes) Average
Linipedea (3 votes) Weak
MS Word Bookmarks & Summaries (3 votes) Average
anti-virus T-cells (2 votes) Average
savable scroll bars (2 votes) Average
save changes dialog options (3 votes) Average
Viral Marketing in Open Source (7 votes) Weak
Microsoft CD Bug Fixes (4 votes) Average
Virtual Scanner Software (5 votes) Average
Better Shrink Wrapped License (3 votes) Average
Bayesian learning for (4 votes) Average
enclosures (2 votes) Average
Chat Prog & Problem Solving (2 votes) Average
Comments from other members:

Add your comment

Modern IDS systems already implement this. The honeypot aspect is not useful from a corporate perspective, but an active IDS is. Honeypots are great at security research tasks. Research and real defense are two very different things.

Corporations are not interested in performing research, but rather just want to defend the network. Taking a specific vendor as an example, Sourcefire (from the maintainer of Snort) have the RNA brand they sell for this task. Train the RNA server, and you can have automated responses to various threats. Frequently, that is all they want - to be aware of a potential attack, mitigate it, and have the log around in case future action is necessary.

toastydeath, Mar 05 2007