Honeypots mailing list archives
Re: An Idea for Discussion for HoneyView
From: Valdis.Kletnieks () vt edu
Date: Thu, 01 May 2003 15:03:44 -0400
On Thu, 01 May 2003 10:15:54 EDT, Pascal Charest said:
The other problem would be the bandwith asked by this operation, we are speaking of slowing down the speed of the login to crawl. I would also
Nobody said it had to *wait* for the traceroute to complete before letting the person in - if a 'traceroute' congests the pipe noticalbly, there's bigger network management issues (although this *does* require rate-limiting of some sort, so you don't launch a traceroute back for every poke by a Slapper-style worm).
wonder if there would be usefull result, since an hacker might decide to use anonymous proxy, vpn, modified ircbot, hacked computer... all of wich would compromise your data accuracy.
Hmm.. anonymous proxies, bots, hacked computers.. those are things you'd WANT to be including, since what you're generating is "a list of places you DONT want to be hearing from".... So if the hacker in Venezuela hits you via 3 different open proxies, you want to null-route those /24s...
Attachment:
_bin
Description:
Current thread:
- An Idea for Discussion for HoneyView Karl Hable (May 01)
- Re: An Idea for Discussion for HoneyView Matt Bruce (May 01)
- Re: An Idea for Discussion for HoneyView Pascal Charest (May 01)
- Re: An Idea for Discussion for HoneyView Valdis . Kletnieks (May 01)