Re: newbie question about honeypot

["J. Bakshi" <bakshi12 () gmail com>]

Many many thanks to show me on the right track and solve my confusion.



On Thu, 20 Aug 2009 11:39:45 -0400
"Rivest, Philippe" <PRivest () transforce ca> wrote:

> Regards
>
> I believe you have the wrong objective for a HoneyPot (or honeynet).
> These technologies are use to make an attacker believe a system is
> more vulnerable than another (the real live production box). As such
> the attacker will hit the Honeypot first (hopefully), waste time and
> if you are lucky/wise alert you before any damage is done.
>
> You shouldn't try to fool an attacker into thinking you are more
> vulnerable than you are. Be secure; don__t add ports on iptables just
> for the sake of the honeypot.
>
> What you want, hiding port and messing up the fingerprint is a totally
> different issue and is OS (and protocol) specific. You could, for
> example, change the banner, change the ports and modify the IP
> settings (Flags and timeout and so one) so that nmap believes you are
> someone you are not. 
> I'm no expert into this specific subject and cant help you setup it
> on your machine (not knowning what kind of *Nix you are using). How
> ever, I do know that theres a bunch of data out there for that.
>
> Passive-Aggressive Resistance: OS Fingerprint Evasion
> http://www.linuxjournal.com/article/4750
>
>
>
> Have fun
> Noted by someelse on the net:
> Trying to modify your OS fingerprint is a fun trick, but you might
> remind your security auditors that it's nothing more than "security
> by obscurity". (i.e. Waste of effort, IMO.)
> http://www.linuxforums.org/forum/misc/96516-os-fingerprint-change.html
>
> being an auditor, I agree its security by obscurity. Its bad if it__s
> the only step you take (IMHO)
>
>
> Philippe Rivest - CEH, Network+, Server+, A+
> TransForce Inc.
> Internal auditor - Information security
> Verificateur interne - Securite de l'information
>
> 8585 Trans-Canada Highway, Suite 300
> Saint-Laurent (Quebec) H4S 1Z6
> Tel.: 514-331-4417   
> Fax: 514-856-7541
>
> http://www.transforce.ca/
>
>
>
> -----Message d'origine-----
> De__: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] De la part de J. Bakshi
> Envoy____: 20 ao__t 2009 10:43
> ____: security-basics () securityfocus com
> Objet__: newbie question about honeypot
>
> Dear list,
>
> My home server is already running iptable firewall. Though nmap scan
> able to show the correct os finger print and the open ports. I have
> come to know about honeypot which can fool the port scanners. But I
> am still very confused about honeypot and its implementation. I like
> to simply implement a honeypot which can hide the open ports but
> shows some other non opened ports to the scanner as well as provide a
> false os fingerprint report. There is honeyd and tinyhoneypot. Which
> one can do this and how to configure ? Please suggest.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs
> an SSL certificate.  We look at how SSL works, how it benefits your
> company and how your customers can tell if a site is secure. You will
> find out how to test, purchase, install and use a thawte Digital
> Certificate on your Apache web server. Throughout, best practices for
> set-up are highlighted to help you ensure efficient ongoing
> management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
> d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------