Honeypots mailing list archives

Re: AW: Honey VS Vinegar


From: Adam Graham <agraham () datastreamcowboys net>
Date: Tue, 02 Nov 2004 08:18:22 -0600

I have been provoking attacks (usually in IRC) for years... when I
mentioned this in another security related list a few years ago I got
flamed so bad I still feel toasty... I have noticed (using a bit of
psychology from the aid of my wife who is a psychologist and closet geek
girl) that you can easily tell if you are going to get your basic 13 or
14 yr old script kiddie or someone a bit more skillful... but don't
forget to check your honeypot webserver logs for all those referrers from
Google (thanks Johnny for Google hacking)....


sorry if it was a rant... but it's my 2 cents worth... 


On Tue, 2004-11-02 at 05:29, Stephan Riebach wrote:
Reading all your posts I wondered if aggressive tactics do really provoke
new/interesting attacks. More precisely I wondered how far we should go?!

I tested some tactic earlier by installing a P2P client on a honeypot and
provoking attacks by "annoying" users. I created random data files with "dd"
and converted them to the mp3 format using lame
(http://lame.sourceforge.net/). I gave those fake files the names of famous
Top20 songs and provided the files with my KazaaLite client. I also provided
some real large faked files which I simply renamed as zip or rar archive,
e.g. "Windows2000Prof.zip" . The honeypot was online for 6 weeks and many
files were downloaded but really no new/unusual/special attack could be
detected in this time. Just the well-known port 135 and 445 signatures. I
also ran a web server on this honeypot and I hoped to increase attacks with
this "annoying" tactic.  Maybe you can compare this with fishing and my lure
was bad or I simply had no luck. :-)

Or maybe I proved that P2P users are harmless and never attack anybody. :-)


Cheers!
Stephan
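
The log check Adam mentions above (looking through honeypot web server logs for Google referrers), as an added example that is not part of either message: it assumes the server writes Combined Log Format, and the operator watch list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"'
)
# The Referer header is client-supplied, so treat a match as a lead, not proof.
GOOGLE_HOST = re.compile(r'(?:^|\.)google\.[a-z]{2,3}(?:\.[a-z]{2})?$')
# Assumed watch list of search operators associated with "Google hacking" queries.
OPERATORS = re.compile(r'\b(inurl|intitle|intext|filetype|ext|site|allinurl|allintitle):', re.I)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [02/Nov/2004:08:01:11 -0600] "GET /admin/ HTTP/1.1" 200 512 '
    '"http://www.google.com/search?q=intitle%3A%22index+of%22+inurl%3Aadmin" "Mozilla/4.0"',
    '198.51.100.7 - - [02/Nov/2004:08:02:40 -0600] "GET /index.html HTTP/1.1" 200 1043 '
    '"http://www.google.de/search?q=honeypot+howto" "Mozilla/4.0"',
    '203.0.113.5 - - [02/Nov/2004:08:03:02 -0600] "GET /index.html HTTP/1.1" 200 1043 '
    '"-" "Mozilla/4.0"',
]

def google_query(referer):
    """Return the search query if the referer is a Google results URL, else None."""
    parts = urlsplit(referer)
    if not GOOGLE_HOST.search((parts.hostname or "").lower()):
        return None
    q = parse_qs(parts.query).get("q")  # parse_qs also decodes %xx and '+'
    return q[0] if q else None

def scan(lines):
    """Return one record per request that arrived via a Google search."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        query = google_query(m.group("ref")) if m else None
        if query is None:
            continue  # malformed line, no referer, or not a Google search
        req = m.group("req").split()
        path = req[1] if len(req) >= 2 else ""
        ops = sorted({o.lower() for o in OPERATORS.findall(query)})
        hits.append({"ip": m.group("ip"), "path": path, "query": query, "operators": ops})
    return hits

if __name__ == "__main__":
    for h in scan(SAMPLE):
        print(h)
```

Records with a non-empty `operators` list are the ones worth reading first, since an ordinary keyword search rarely uses those operators.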


