Honeypots mailing list archives
Re: profiling honeypots..
From: paul <xml () mailandnews com>
Date: 07 Apr 2003 14:38:34 +0100
On Mon, 2003-04-07 at 13:07, Garrett Sinfield wrote:
Perhaps 'hackers' that have some potential skill, and who pose a serious security threat might have a list, but I highly doubt that script kiddies (the people that the honeypots usually attract) have a list of sites, and addresses of honeypots. Just my .02 cents.
I got one guy from Italy who was logging in day after day, finding his rootkits missing (I rewound vmware) and just went and downloaded and installed them time after time. I finally decided on a new policy, any visitors are allowed in but whenever they download anything I firewall access to that box so they can't use it again and have to get stuff from elsewhere. Still, I find it highly improbable that anyone who's visited my honeypots is capable of a feat of organisation as suggested. Nobody so far has hardly even had a sniff around the honeypot, never mind the LAN, nor even done a traceroute. Paul
Current thread:
- Re: profiling honeypots.., (continued)
- Re: profiling honeypots.. Dominik Lupinski (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
- Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- RE: profiling honeypots.. Nigel Clarke (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- RE: profiling honeypots.. Nigel Clarke (Apr 07)
- Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
- RE: profiling honeypots.. Bernie, CTA (Apr 07)
- Re: profiling honeypots.. paul (Apr 07)
- Re: profiling honeypots.. Seth Arnold (Apr 07)