Honeypots mailing list archives
Re: Honeypot/net IDS System
From: Michael Robinton <michael () insulin-pumpers org>
Date: Sun, 22 Feb 2004 17:55:26 -0800 (PST)
On Sun, 22 Feb 2004, Daniel Roth wrote:
> Hi!
>
> I wrote here some months ago about a project I and some friends have been asked to do. It is up and running now, and we would really(!!) like to have some feedback, thoughts and ideas before we start using the system sharp. We're currently in a test phase.
>
> http://jackass.tekno.chalmers.se/dp03-17/
>
> From the What-it-is section:
>
> "...we in the group focused a bit more on how to "invite" the attacker and let him/her into a fake system, a honeypot. Our honeypot is a single computer, faking many computers, with different computers, operating systems and routers. This system is supervised via a GUI where one can click and drag to add computers/routers in a visual way. When satisfied a configfile will be written and system up and running. The backend is a combination of an IDS system, with an advanced honeypot daemon, lots of virtual filesystems and a log/abuse-function which can mail the system administrator when something suspicious happens"
>
> Daniel

I'm puzzled by everyone's interest in "fake honeypot" systems. I've run a couple of them for several years and there is almost NO traffic even though I have a bunch of email addy's on web pages for spamscrapers to find.

Running a tarpit as the front end of our mail system catches bunches of spammers. Why wouldn't you do that instead? It is much more effective and eliminates the spam from our incoming MTA as well as killing the net traffic associated with the spam. Since spam outnumbers real messages by more than 10 to 1 (at least here), this is beneficial.

Michael