New Focus-IDS Focus Area Article

From: Jason V. Miller (jmiller_at_securityfocus.com)
Date: 10/24/03

    Date: Thu, 23 Oct 2003 23:02:27 -0600
    To: Focus-IDS <focus-ids@securityfocus.com>
    
    

    List Members,

    The following Focus-IDS Focus Area article was recently published on the
    SecurityFocus site, and may be of interest to list readers.

    Fighting Internet Worms With Honeypots
    By Laurent Oudot Oct 23, 2003 (Infocus feature article)

    This paper will evaluate the usefulness of using honeypots to fight
    Internet worms, including a discussion on capturing a worm, redirecting
    worm traffic to fake services, launching counter attacks to clean infected
    hosts, and finally removing the worm or negating its effects.

    http://www.securityfocus.com/infocus/1740

    Regards,

    -- 
    Jason V. Miller, Threat Analyst
    Symantec, Inc. - www.symantec.com
    E-Mail:	jmiller@securityfocus.com