[Discussion] Hooks for Other than Blocking

• Previous message (by thread): [Discussion] Hooks for Other than Blocking
• Next message (by thread): [Discussion] Hooks for Other than Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Friday 19 December 2008 23:20:42 Thorsten Holz wrote:
> On 19.12.2008, at 21:17, Matt Jonkman wrote:
> > I like this idea a lot as well. Snort bait n switch style, redirect an
> > attacker to a honeypot.

 Redirection could also be used to escalate to more CPU intensive checks 
(antiviruses?), or to provide human feedbacks in order to do some supervised 
learning.
 Think about blocking some "high confidence" attacks and introducing some 
human interaction on more uncertain results in order to improve detection 
with time.

-- 
Claudio Criscione

Secure Network S.r.l
Via Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia
Tel: +39 02.24126788 Mob: +39 392 3389178
email: c.criscione at securenetwork.it
web: www.securenetwork.it

• Previous message (by thread): [Discussion] Hooks for Other than Blocking
• Next message (by thread): [Discussion] Hooks for Other than Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]