Honeypots mailing list archives
Re: fake services
From: m m <msf2net () yahoo com>
Date: Tue, 28 Jan 2003 15:12:26 -0800 (PST)
honey grp wrote: hi,We are a project group of five working onhoneypots. We have studied many honeypots till now. Sofar we have observed that most of the honeypots do notproper login to fake services. They just show thebanner i.e. the Welcome screen for ftp and telnet ,ask for login and password and say "Denied access".Why don't they give a fake service like showing somefake files or so??? Is it that if the hacker gets the access he caneasily compromise the honeypot..... Plz let us know ifany honeypot allows the hacker to login properly andgive him the access. Hi, Have you tried this honeypot ? http://www.spitzner.net/honeypot.html "Specter Specter is a commercial product and what I would call another 'low interaction' production honeypot. It is similar to BOF in that it emulates services, but it can emulate a far greater range of services and functionality. In addition, not only can it emulate services, but emulate a variety of operating systems. Similar to BOF, it is easy to implement and low risk. Specter works by installing on a Windows system. The risk is reduced as there is no real operating system for the attacker to interact with. For example, Specter can emulate a webserver or telent server of the operating system of your choice. When an attacker connects, it is then prompted with a http header or login banner. The attacker can then attempt to gather web pages or login to the system. This activity is captured and recorded by Specter, however there is little else the attacker can do. There is no real application for the attacker to interact with, instead just some limited, emulated functionality. Specters value lies in detection. It can quickly and easily determine who is looking for what. As a honeypot, it reduces both false positives and false negatives, simplifying the detection process. Specter also support a variety of alerting and logging mechanisms. You can see an example of this functionality in a screen shot of Specter. " Mario Sergio Jr. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- fake services honey grp (Jan 26)
- Re: fake services sunzi (Jan 26)
- Re: fake services m m (Jan 28)
- <Possible follow-ups>
- RE: fake services Gonzalez, Albert (Jan 27)
- Re: fake services Luis Wong (Jan 27)