Penetration Testing mailing list archives
Re: A kind of Honeypot
From: "Nexus" <nexus () patrol i-way co uk>
Date: Wed, 20 Jun 2001 19:18:22 +0100
Purely a IMHO, but that goes well beyond a honeypot as anyone could inadvertantly browse to that site. If I browsed to a site and all my alarms went off (as they would if it does what you described) then I would consider that a bit of a liberty and might consider getting in your face ;-) As I said, purely a personal thing, but I would consider a website like that hostile.. *shrug* Surely a honeypot should be a subtle creature, not one that roars ? Cheers. ----- Original Message ----- From: "Nicolas Gregoire" <nicolas.gregoire () 7thzone com> To: <pen-test () securityfocus com> Sent: Wednesday, June 20, 2001 9:42 AM Subject: A kind of Honeypot
Hi all, I plan to make a website just for my pen-tests. This website grabs as much as possible info from the visitors (IP, browser, proxy, etc ..), tries to exploit some common vulns of browsers (Guninski's page is a good start for this) and hosts a passive fingerprinting app. The victims are "spammed" with some misc. content (p0rn, free CD/DVD, jokes) linking (or redirecting) to the site. Has anybody ever do that ? Nicob
Current thread:
- A kind of Honeypot Nicolas Gregoire (Jun 20)
- Re: A kind of Honeypot max (Jun 21)
- Re: A kind of Honeypot Nexus (Jun 21)
- RE: A kind of Honeypot Andrew van der Stock (Jun 21)
- Re: A kind of Honeypot Lance Spitzner (Jun 21)
- <Possible follow-ups>
- Re: A kind of Honeypot Antonio Stano (Jun 22)