-
July 1st, 2003, 03:53 PM
#1
Symantec Honeypot??!?!? (Symantec Decoy Server)
I could be reading this wrong, but I think Symantec is coming out (or has come out) with a honeypot prog for your network.
Check it out.
symantec decoy server
http://enterprisesecurity.symantec.c...?ProductID=157
I'm starting to think that I'm bound to always be the first guy on the second page of the thread.
-
July 1st, 2003, 03:59 PM
#2
Senior Member
I noticed that many vendors for various appliances/software are doing their own version of a pseudo-IDS type of system. Even web filtering vendors like Websense added to their v.5 line of their product to "trap" unqualified web activity, etc... Didn't Symantec recently buy a security firm also dealing with IDSes?
-w0rm3y
-
July 1st, 2003, 11:26 PM
#3
Junior Member
Seems to be something like that... didn't find any honeypot yet (I think :Q)
But who will buy this? Only big firms that have well-configured systems and servers, just to be sure everything is OK...
-
July 2nd, 2003, 12:00 AM
#4
Originally posted here by CraZy_AhmaD
Seems to be something like that... didn't find any honeypot yet (I think :Q)
But who will buy this? Only big firms that have well-configured systems and servers, just to be sure everything is OK...
Unless SickyourIT and I are both reading this wrong, I would say that this is the definition of a honeypot. It lures in attacks and allows you to monitor the attacker's activity while they are in a confined environment. I don't know if I'd buy it, but I would say that "Decoy Server" is just Symantec's way of marketing a honeypot. Nice link, SickyourIT...
-
July 2nd, 2003, 06:04 AM
#5
I've heard about it, but I think Symantec may have bought it, or the company who developed it, and called it its own. It's called ManTrap, runs on Solaris systems and is incredibly pricey. Lance Spitzner talks about it in his "Honeypots: Tracking Hackers" book, an entire chapter actually, but makes no reference to it being owned by Symantec.
If it's the same one I'm thinking of, it runs on Solaris and creates "cages" which are basically images of fully functional OSes, allowing the attacker to interact with them like a normal OS. Only difference is that "he's" being watched. I also hear, through the grapevine, that it's insanely expensive, upwards of $24,000 (US), for the version that allows the maximum of four cages. Fewer cages cost less, but still in the thousands of (US) dollars.
It's some cool stuff though. A group using it was able to discover a previously unknown dtspcd vulnerability in Solaris systems using ManTrap.
-
July 2nd, 2003, 08:30 AM
#6
Here is an idea. Why buy a program to use as a honeypot? Why not just make a "real" one?
What happened to that idea? Now we gotta have a damn program for everything. I do realize that a lot of these programs are really good. But they all have one flaw. They are all the same. When an exploit is found to actually gain arbitrary information about a Symantec honeypot, or how to fingerprint it, how to hack it, however you wanna exploit it, you're screwed. Just like the other five hundred thousand people that bought it. Till they patch it, of course. Let's be realistic for a second. People who are looking for mischief are only as honest as their options. If I can't deface that page the first two or three tries, I try something else. Your big iron takes the sorry trojan scan, the IDS kicks in and you know who they are there before they figure out what they are trying to root.
2 cents
Your heart was talking, not your mind.
-Tiger Shark
-
August 22nd, 2003, 07:15 AM
#7
Junior Member
Symantec just renamed ManTrap to Decoy Server. They bought ManTrap and ManHunt from Recourse Technologies last year. (The Symantec website makes a reference to the name change.) I heard about it on some web conference (SANS?). Will have to try it.
Symantec Decoy Server*
*(Formerly Symantec ManTrap)