A couple of months ago Fred Cohen announced the availability of his "deception toolkit" (details are available at http://all.net/dtk). It's basically a set of tools that you can put on your system to simulate a "honeypot", that do lots of logging. For example, you put his "telnet" out there and find people rattling doorknobs (rather than just having nothing to respond, in which case you're less likely to know that someone was trying).

My initial inclination is that it's a pretty lame excuse for an intrusion detection system, but am looking for more knowledgeable opinions! Anyway, I've looked around the net (including searching archives of this list), and have found very little discussion of his "product". Any opinions out there?

Thanks for your input!

--Jeremy
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:13 PDT