Honeypots mailing list archives
RE: Does it really take so long to get a bite?
From: "Greg van der Gaast" <greg.van.der.gaast () ordina nl>
Date: Mon, 9 Dec 2002 13:33:37 +0100
As far as the Sparc honeypots are concerned, they are definitely attacked as well. My Sun Blade at home gets some hits directed at relatively recent Solaris exploits. Considering how hugely popular some Solaris exploits (specifically Sparc) have been in the past (STATD anyone?) I'm pretty sure these systems will come under attack. Trouble is that many of these exploits needed to be compiled on Sparc Solaris systems which not nearly as many script kiddies have access to.

A more secure system obviously has less chance of being compromised. Having such a system on a home connection would mean fewer hostile hits. Reason for this is that if someone is going to have to make an effort to break into something, they'll at least want it to be interesting. If Joe Hacker has to break in to a relatively secure box, he'd rather spend his energy breaking into, say, Ford Motor Company's R&D department than your personal PC on some consumer ADSL provider...

Regards,
Greg van der Gaast
Lead Consultant Ordina Public West SDS Security

-----Original Message-----
From: Chris Reining [mailto:creining () packetfu org]
Sent: Sunday, December 08, 2002 8:38 PM
To: Lance Spitzner
CC: honeypots () securityfocus com
Subject: Re: Does it really take so long to get a bite?

As many folks have discussed, it depends on a variety of variables. Two years ago, RH 6.2 would have been hacked in hours. However, folks have moved onto new 'exploit-du-jour', so what was highly 'hackable' two years ago may take weeks or even months. When the OpenSSH exploit was released, it was possible for RH 6.2 or even RH 7.2 boxes to last longer than an unpatched OpenBSD box. So, TTL is often based on what the favored exploit happens to be at that time. Also, keep in mind, the harder your honeypot is to break into, the more you can learn. However, the harder it is to break into your honeypot, the more value you have to give it. If the bad guys just want systems, they will skip your hardened honeypot and go for the easy kill. All depends on the type of clientele you wish to attract.
I am wondering if hardened honeypots will ever get compromised? Let's say that I run a honeypot with only one accessible service running. This service is exploitable by code that's in the public domain, but would require the attacker to search for it. What are the odds of compromise? And better yet, let's say this honeypot is on residential internet service. Does that factor play any role? Have other honeypotters run a hardened system only to give up months later after no compromise?
One of the interesting things the Honeynet Project has seen is different operating systems attract different clientele. Linux hackers tend to be a different community than Solaris, OpenBSD, or Windows hackers. We do not have enough data to come to any conclusions, but something to keep your eyes open for :)
What about Sparc hackers? Do they exist? I ran a Sparcstation honeypot for a while and had the odd x86 exploit thrown at it but never compromised. I have heard stories of Sparc honeypots up for years w/o being hacked.

Chris