Honeypots mailing list archives

Re: fake services

From: m m <msf2net () yahoo com>
Date: Tue, 28 Jan 2003 15:12:26 -0800 (PST)

 honey grp  wrote: 

hi,We are a project group of five working onhoneypots.
We have studied many honeypots till now. Sofar we have
observed that most of the honeypots do notproper login
to fake services. They just show thebanner i.e. the
Welcome screen for ftp and telnet ,ask for login and
password and say "Denied access".Why don't they give a
fake service like showing somefake files or so??? Is
it that if the hacker gets the access he caneasily
compromise the honeypot..... Plz let us know ifany
honeypot allows the hacker to login properly andgive
him the access.

  Hi,

 Have you tried this honeypot ?

http://www.spitzner.net/honeypot.html

"Specter 
Specter is a commercial product and what I would call
another 'low interaction' production honeypot. It is
similar to BOF in that it emulates services, but it
can emulate a far greater range of services and
functionality. In addition, not only can it emulate
services, but emulate a variety of operating systems.
Similar to BOF, it is easy to implement and low risk.
Specter works by installing on a Windows system. The
risk is reduced as there is no real operating system
for the attacker to interact with. For example,
Specter can emulate a webserver or telent server of
the operating system of your choice. When an attacker
connects, it is then prompted with a http header or
login banner. The attacker can then attempt to gather
web pages or login to the system. This activity is
captured and recorded by Specter, however there is
little else the attacker can do. There is no real
application for the attacker to interact with, instead
just some limited, emulated functionality. Specters
value lies in detection. It can quickly and easily
determine who is looking for what. As a honeypot, it
reduces both false positives and false negatives,
simplifying the detection process. Specter also
support a variety of alerting and logging mechanisms.
You can see an example of this functionality in a
screen shot of Specter. 
"

Mario Sergio Jr.



__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Current thread:

fake services honey grp (Jan 26)
- Re: fake services sunzi (Jan 26)
- Re: fake services m m (Jan 28)
- <Possible follow-ups>
- RE: fake services Gonzalez, Albert (Jan 27)
  - Re: fake services Luis Wong (Jan 27)