Honeypots mailing list archives
Re: Introducing the Tactical Honeynet Deployment Project
From: "Tom Britten" <tomb () antenseven net>
Date: Mon, 1 Sep 2003 22:33:13 -0400
I think that one key thing your missing in the equation is motivation. It is not simply making a honeypot/honeynet believable to a more advanced person. The key lies in why would they attack your site. What is the gain, what type of information is available, what resources can be acquired by gaining entry/access. I believe that the Tactical Honeynet Deployment Project brings up these ideas in their deception and control. They don't quite come out and say it in the same manner but the thought is there.....I think. The other part of the solution does lie in convincing them that this is a real valuable host. Further more, a lot of blackhats are doing the same research that we are but in reverse. And this affects the type of hosts that they attack, as in they aren't looking for a machine that every possible exploit on it. These are people building there own exploits or discovering ones that we don't yet know about. My two cents. ^_^ The last comment I would make is that most of the things that set people off about whether or not a system is real is almost impossible to hide. The only way to truly do this would be to build a new distro that has all the features in it, for it is very difficult to transform a current distro. Start with LFS and slowly work your way up adding bogus commands and services. Not an easy task by any means, but I think that would be the best possible solution. Maybe that is a project worth starting. Let me know your thoughts. Tom Britten Sr. Systems Engineer ----- Original Message ----- From: <greg () sixx com> To: <honeypots () securityfocus com> Sent: Sunday, August 31, 2003 1:21 PM Subject: Re: Introducing the Tactical Honeynet Deployment Project
I'm interested in honeypots and tarpits, but I'm also seriously suffering from newbieism. Why are only script kiddies the ones being caught? What is it that black hats are seeing that keeps them from biting? GregDear honeynet community, This e-mail is to inform anyone interested of the establishment of the Tactical Honeynet Deployment Project ( http://www.thdp.org ). Currently there are several honeynet and honeypot projects in existance and I think everyone would agree with me if I said: "it seems like the last thing the honeynet research community needs is another project doing the same old thing..." but at the same time I think we can each agree
honeynet
research has been struggling as of late. Something has been missing. Script-kids are the only ones getting "caught", or "biting the bait" so
to
speak. The Tactical Honeynet Deployment Project, with a complete focus
on
the concepts of deception, psychology, and control, hopes to transform
the
honeypot from a tool hacked only by neophyte script-kids, to a more advanced system of deployment that will be capable of studying the more sophisticated class of blackhats. As of now, our project is just being established and we have very few members. For this reason, if you have been in the study of honeynet research for a while and are ready to take your honeynet designs to the next
level,
we would be interested in sharing your insights in our project's pages. If our project's website (available at http://www.thdp.org) sounds like something you would be interested in participating in, it would be a
great
opportunity for us to work together in making today's limited honeynet implementations into something more. Regards, Michael Anuzis, CCNA Network Security Consultant Mobile: 248.376.7030 CTO, Advanced DataTactics, Inc. CTO, Advanced InfoTactics, Inc. Project Coordinator: http://www.thdp.org _________________________________________________________________ Get MSN 8 and help protect your children with advanced parental
controls.
http://join.msn.com/?page=features/parental
Current thread:
- Introducing the Tactical Honeynet Deployment Project Michael Anuzis (Aug 30)
- Re: Introducing the Tactical Honeynet Deployment Project greg (Aug 31)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Greg Tracy (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Damian Menscher (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Lance Spitzner (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project greg (Aug 31)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Brenton (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Brenton (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Thomas Jones (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 02)
- <Possible follow-ups>
- Re: Introducing the Tactical Honeynet Deployment Project Jeremy Pierson (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project JPP (Sep 01)