- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Enhancing IDS using, Tiny Honeypot
- Abstract
- One of the problems encountered with network intrusion detection systems is that the logging of failed connection attempts only occurs when services are not listening on a scanned port. When a RST signal terminates a TCP connection attempt, the system never sees or logs the data payload that the remote machine was trying to send into the network. A honeypot can provide such a mechanism by completing the connection attempt and then recording the interactions between the honeypot and the machine making the connection. Being able to capture and analyze the data payload can help determine the intent of the connecting machine. It can also provide information that allows the discovery of new exploits and the construction of custom ID rules.