Hi Tomas, That is not true. There are many types of honeypots and honeynets. What that person may have been talking about are low interaction honeypots as opposed to high interaction honeypots. High interaction honeypots allow and attacker into the machine (since they are purposely insecure) and there are many tools like sebek and snort-inline to help you figure out exactly what went on in your honeypot. For example sebek, which is a kernel mode rootkit, can capture all the commands the attacker entered even if he communicates over SSH. You will be able to capture all of his tools, exploits and whatever else be brought over. You should look into the honeynet project and the honeywall CD called Walleye if you are interested in learning more (http://old.honeynet.org/papers/virtual/). Papers are located here: http://www.honeynet.org/papers and the honeynet mailing list is available here: http://www.securityfocus.com/archive/119/description
There is also a wealth of information here http://www.honeypots.net/honeypots/links If you have any questions please feel free to ask, but you'll more likely be able find more information on the honeynet mailing list or by asking me :) I'll also be writing about the honeynet project soon at my blog: http://nodereality.com I hope that helps On Tue, Jun 30, 2009 at 10:18 PM, Tomas Olsson<[email protected]> wrote: > Hi, > I have a newbie question related to intrusion detection. It was suggested to > me that Honeypots only catches automated attacks, is that true? How can we > know which attacks are not caught? Is there any papers on what sort of > attacks are caught by using honeypots? > > Regards > Tomas > > > ----------------------------------------------------------------- > Securing Your Online Data Transfer with SSL. > A guide to understanding SSL certificates, how they operate and their > application. By making use of an SSL certificate on your web server, you can > securely collect sensitive information online, and increase business by > giving your customers confidence that their transactions are safe. > http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194 > > > ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
