Honeypots mailing list archives
Re: deploying honeypots...
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 23 Aug 2005 15:18:42 +0100
On Sun, 2005-08-21 at 19:24 -0400, Valdis.Kletnieks () vt edu wrote:
On Sat, 20 Aug 2005 12:41:20 +0300, Ahmed Ameen said:For you first question I would say leave them with no patches, the opjective is to attract the black-hat community.This is so counter-productive as to be totally nuts. Last I checked, the DSHield survival-time estimate was sitting around 20-25 minutes. Do you *really* want a honeypot that will get whacked twice an hour by the worm du jour?
Indeed. I believe the OP is interested in things other than the 0day. He seems to have an interest in general exploitation traffic. Another approach to this, in order to differentiate between the worm and the actual attacker, is to patch the vulnerabilities that have known worms and leave a few unpatched vulnerabilities that have known exploits or the potential for exploits eg... the advisory says "definite DoS, possible arbitrary code execution". -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
signature.asc
Description: This is a digitally signed message part
Attachment:
smime.p7s
Description:
Current thread:
- deploying honeypots... cyb3rh3b (Aug 19)
- Re: deploying honeypots... Ahmed Ameen (Aug 20)
- Re: deploying honeypots... cyb3rh3b (Aug 20)
- Re: deploying honeypots... Ahmed Ameen (Aug 20)
- Re: deploying honeypots... Valdis . Kletnieks (Aug 21)
- Re: deploying honeypots... Barrie Dempster (Aug 24)
- Re: deploying honeypots... cyb3rh3b (Aug 20)
- <Possible follow-ups>
- RE: deploying honeypots... Connell, Graeme S (Aug 20)
- RE: deploying honeypots... cyb3rh3b (Aug 20)
- Re: deploying honeypots... Damiano Bolzoni (Aug 22)
- Re: deploying honeypots... Valdis . Kletnieks (Aug 22)
- Re: deploying honeypots... Damiano Bolzoni (Aug 23)
- Re: deploying honeypots... Valdis . Kletnieks (Aug 24)
- RE: deploying honeypots... cyb3rh3b (Aug 20)
- Re: deploying honeypots... Ahmed Ameen (Aug 20)
- RE: RE: deploying honeypots... Chen Zhang (Aug 21)
- Re: RE: deploying honeypots... Barrie Dempster (Aug 24)
- Re: RE: deploying honeypots... cyb3rh3b (Aug 26)