Honeypots mailing list archives
Re:Virtual Honeypot Users
From: "Vlad" <recompiler () hacksrus com>
Date: Tue, 15 Jun 2004 11:50:19 -0400 (EDT)
Activity would vary greatly depending on the supposed role of the server. My mail servers don't get ssh logins from random users, but the development servers have 8 to 12 developers hanging out there 24/7/365. Web traffic is easy to simulate. I have some background traffic stuff and other tools but I need to clear it with my employer before I can release it. Look for it within 2 weeks. Easiest thing I could think of would be to have a hardened FreeBSD host booting of read only media, and automatically logging in at semi random times, running things, reading email, sending fake email etc. The machine would have to be very hardened to minimize chance of compromise, and discovery of busseybody scripts. I may end up writing the busseybody scripts myself. File with login times, random number generator which will generate a time interval so log in +- 30 min from the login time send email following typical patterns (early morning, lunch, just before end of work day, random spam etc. Lets hear some more ideas? -- Vlad G. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
Current thread:
- Virtual Honeypot Users Brian Burton (Jun 14)
- RE: Virtual Honeypot Users Freddie Beaver (Jun 15)
- Re: Virtual Honeypot Users Andrew R. Lamb (Jun 15)
- <Possible follow-ups>
- Re:Virtual Honeypot Users Vlad (Jun 15)