Honeypots mailing list archives
AW: Honey VS Vinegar
From: "Stephan Riebach" <riebach () exp-math uni-essen de>
Date: Tue, 2 Nov 2004 12:29:44 +0100
Reading all your posts, I wondered if aggressive tactics really do provoke new/interesting attacks. More precisely, I wondered how far we should go?! I tested such a tactic earlier by installing a P2P client on a honeypot and provoking attacks by "annoying" users. I created random data files with "dd" and converted them to the mp3 format using lame (http://lame.sourceforge.net/). I gave those fake files the names of famous Top20 songs and provided the files with my KazaaLite client. I also provided some really large fake files which I simply renamed as zip or rar archives, e.g. "Windows2000Prof.zip".

The honeypot was online for 6 weeks and many files were downloaded, but really no new/unusual/special attack could be detected in this time. Just the well-known port 135 and 445 signatures. I also ran a web server on this honeypot and I hoped to increase attacks with this "annoying" tactic.

Maybe you can compare this with fishing and my lure was bad, or I simply had no luck. :-) Or maybe I proved that P2P users are harmless and never attack anybody. :-)

Cheers!
Stephan
Current thread:
- Honey VS Vinegar Polazzo Justin (Oct 27)
- Re: Honey VS Vinegar Valdis . Kletnieks (Oct 27)
- <Possible follow-ups>
- Re: Honey VS Vinegar the rxmr (Oct 27)
- Re: Honey VS Vinegar Jeff Bryner (Nov 01)
- AW: Honey VS Vinegar Stephan Riebach (Nov 02)
- Re: AW: Honey VS Vinegar Adam Graham (Nov 02)
- RE: Honey VS Vinegar lubomir nistor (Nov 02)
- Re: Honey VS Vinegar Jeff Bryner (Nov 01)