Honeypots mailing list archives
Re: IIS honeypot
From: "Ryan C. Barnett" <rcbarnett () hushmail com>
Date: Wed, 4 Aug 2004 14:07:18 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joe, You can run IISEmulator by RFP and HD Moore - http://sourceforge.net/projects/iisemul8/
From the website -
"The goal of this project is to create a functioning web server which is indistinguishable from Microsoft's IIS product at a topical level. This server can be run standalone, through inetd, or as a module of the "honeyd" project." I was actaally using it while testing web server fingerprinting tools (HTTPrint, Hmap, etc...) and it fooled all of them. Here is an example session of running out of inetd on a Solaris box - ############################## bash-2.03# telnet localhost 81 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. OPTIONS * HTTP/1.0 HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Wed, 4 Aug 2004 17:01:13 GMT Content-Length: 0 Accept-Ranges: bytes DASL: <DAV:sql> DAV: 1, 2 Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH Cache-Control: private Connection closed by foreign host. ###################### Hope this helps. - -Ryan
Can anyone point me to some articles discussing IIS honeypots. Either
low or high interaction is fine. I googled it and not much returned. thanks J
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkERUAUACgkQ0C5r6NXO9mJSdgCgoxTvN7n9iYPdpH9C+1aC0j5NgDQA oLOiFhPVzCQmx/zHozoyo1IBWIrX =6HpL -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
Current thread:
- IIS honeypot joe smith (Aug 04)
- <Possible follow-ups>
- Re: IIS honeypot Ryan C. Barnett (Aug 04)