Honeypots mailing list archives

AW: Honey VS Vinegar


From: "Stephan Riebach" <riebach () exp-math uni-essen de>
Date: Tue, 2 Nov 2004 12:29:44 +0100

Reading all your posts, I wondered if aggressive tactics really do provoke
new/interesting attacks. More precisely, I wondered how far we should go?!

I tested some tactic earlier by installing a P2P client on a honeypot and
provoking attacks by "annoying" users. I created random data files with "dd"
and converted them to the mp3 format using lame
(http://lame.sourceforge.net/). I gave those fake files the names of famous
Top20 songs and provided the files with my KazaaLite client. I also provided
some really large fake files which I simply renamed as zip or rar archives,
e.g. "Windows2000Prof.zip". The honeypot was online for 6 weeks and many
files were downloaded but really no new/unusual/special attack could be
detected in this time. Just the well-known port 135 and 445 signatures. I
also ran a web server on this honeypot and I hoped to increase attacks with
this "annoying" tactic. Maybe you can compare this with fishing and my lure
was bad or I simply had no luck. :-)

Or maybe I proved that P2P users are harmless and never attack anybody. :-)


Cheers!
Stephan


