Honeypots mailing list archives
Re: Introducing the Tactical Honeynet Deployment Project
From: Lance Spitzner <lance () honeynet org>
Date: Tue, 2 Sep 2003 08:00:59 -0500 (CDT)
On Mon, 1 Sep 2003 Valdis.Kletnieks () vt edu wrote:
And a good honeypot should look like a production server to pull them away from the true targets, right? I would think that df and ps should turn up exactly what would look right for the machine it's supposed to be. Or am I way off base?
One quick 'df' tells me if I'm on our production Oracle server or our test Oracle server, because the test server has only one terabyte of disk on it. Similarly for 'ps'...
One of the common threads I've seen is people concerned about honeypots being detected because of little activity. As such, a great deal of focus has been on adding more 'activity' to the honeypots. Why not take a different approach and deploy honeypots that are expected to have less activity? For example, deploy a webserver, but have it 'under construction'. As it's still being built, it would not have any production traffic, and would have minimal activity. Valdis, you mention the idea of a test Oracle system. Why not create a honeypot that has the illusion of being a test system? Or perhaps an outdated mail server that has been shut down, but one an admin has forgotten to remove from the network? Just a thought, there is always more than one direction to try out.
lance