Honeypots mailing list archives
Re: Introducing the Tactical Honeynet Deployment Project
From: Greg Tracy <greg () sixx com>
Date: Mon, 1 Sep 2003 08:00:12 -0700
Makes sense. But aren't black hats also on the lookout for easy prey/insecure hosts from which they can launch other targeted attacks? And a good honeypot should look like a production server to pull them away from the true targets, right? I would think that df and ps should turn up exactly what would look right for the machine it's supposed to be. Or am I way off base?
Thanks for replying!
Greg
On Sunday, August 31, 2003, at 08:30 PM, Valdis.Kletnieks () vt edu wrote:
On Sun, 31 Aug 2003 10:21:39 PDT, greg () sixx com said:
I'm interested in honeypots and tarpits, but I'm also seriously suffering
from newbieism. Why are only script kiddies the ones being caught? What
is it that black hats are seeing that keeps them from biting?
The clued black hats are for the most part busy running targeted attacks on
specific sites. If you're a black hat planning a run on Foobar Corp's website
to harvest some credit card numbers, you're not going to hit Foobar's honeypot
unless they leave a lot of red herrings that flag the box as a backend server.
And if they DO hit it, they're gonna do a 'df' and a 'ps' and if it doesn't smell
right, they are OUTTA there./
<mime-attachment>
<also>
That's a good question. It's not that anything creeps them from biting. It's that there is nothing of value for them to go after. A serious blackhat with a mature technical skill is not going to waste his time with the typical honeypots on residential internet connections. A blackhat that's going to hack anything worth hacking is going to target a business with an online website or something that will actually give him value to attack.
Thanks,
Greg Tracy
greg () sixx com
Current thread:
- Introducing the Tactical Honeynet Deployment Project Michael Anuzis (Aug 30)
- Re: Introducing the Tactical Honeynet Deployment Project greg (Aug 31)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Greg Tracy (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Damian Menscher (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Lance Spitzner (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project greg (Aug 31)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Brenton (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Brenton (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Thomas Jones (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 02)