Honeypots mailing list archives
Re: New whitepaper released & a question to the community
From: Bill McCarty <bmccarty () apu edu>
Date: Sun, 02 Mar 2003 19:42:59 -0800
--On Sunday, March 02, 2003 4:53 PM -0500 Michael Anuzis <michael_anuzis () hotmail com> wrote:
> Could anyone out there who is currently/actively running successful honeypots offer me any advice on which OS/vulnerability (bait) I may try if I want to catch some of today's hackers?
Hi Michael,

FTP exploits remain in common use. But many attackers use broken tools or don't use their tools properly. So, I'd expect you to see FTP attacks regularly, but compromises only seldom.

RPC attacks are also still common. Successful compromises via RPC are unusual, like those via FTP.

For RHL 7.2, exploits targeting the OpenSSL vulnerability in Apache are becoming quite common. However, a successful attack confers only non-root access. Thereafter, many attackers seem unable to escalate their privileges to root.

That's my current experience in a nutshell. I have some reason to believe that it generalizes rather broadly.

Good hunting,

---------------------------------------------------
Bill McCarty