Re: Honeypot Server

[p1g <killfactory () gmail com>]

nmap to fingerprint.

As someone else mentioned, be suspicious of the mixture tof services
you may find.

I find it suspicious when a host is offering linux and windows
services on the same host ;)

On Jan 18, 2008 4:37 AM,  <m.farid.shawara () gmail com> wrote:
> Thanks for all of you ...
>
> When I said Alerting I meant that I should be able to sense the attack when
> it happens.
>
> Another question :
> If I am an attacker - is there anyway to fingerprint it and know that it's
> not a server and it's a just a honeypot ...
>
> My problem is that depending on the already known versions of the honeypots
> and honeynets software - the attackers will always be able to identify them
> and thus avoid doing any activities on them ...
>
> Thanks ,,,
> -----Original Message-----
> From: pinowudi [mailto:pinowudi () gmail com]
> Sent: Friday, January 18, 2008 4:44 AM
> To: m.farid.shawara () gmail com
> Subject: Re: Honeypot Server
>
> honeypots are not for alerting.  they are for researching the unknown.
> Look to snort or a nids for your requirements.
>
> m.farid.shawara () gmail com wrote:
>
> > Dear All :
> >
> > Can you advise what is the best honeypot server available
> > Open-source or commercial - it doesn't matter as long as it will be easy
> to
> > administrate and easy to monitor and alerted ...
> >
> > Mohamed Farid ...



-- 
-p1g
SnortCP
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke