Honeypots mailing list archives
RE: Honey VS Vinegar
From: "lubomir nistor" <lubon_ () web de>
Date: Tue, 2 Nov 2004 19:41:30 +0100
Hmm.. I think Stephan doesn't understand the concept of P2P.. He just increased traffic on the network nothing else.. who would care to look into the list of milions of IP addresses present on P2P networks? Especially without knowing who is the source root in the distribution tree.. And I really enjoy observing those posting "HACK ME!" on IRC (and being kicked after that :) The basic approach to problem solving is identification of the problem; analysis and then resolution. I'm not sure whether trial by error would comply to this, but its not a very scientific approach. I think the psychological approach is the best way. Just apply well documented marketing strategies and tactics.. There is not much to be said here.. Just rtfmm (m stands for marketing :-) Regards L -----Original Message----- From: honeypots-return-2920-lubon_=web.de () securityfocus com [mailto:honeypots-return-2920-lubon_=web.de () securityfocus com] On Behalf Of Stephan Riebach Sent: Tuesday, November 02, 2004 12:30 PM To: honeypots () securityfocus com Subject: AW: Honey VS Vinegar Reading all your posts I wondered if aggressive tactics do really provoke new/interesting attacks. More precisely I wondered how far we should go?! I tested some tactic earlier by installing a P2P client on a honeypot and provoking attacks by "annoying" users. I created random data files with "dd" and converted them to the mp3 format using lame (http://lame.sourceforge.net/). I gave those fake files the names of famous Top20 songs and provided the files with my KazaaLite client. I also provided some real large faked files which I simply renamed as zip or rar archive, e.g. "Windows2000Prof.zip" . The honeypot was online for 6 weeks and many files were downloaded but really no new/unusual/special attack could be detected in this time. Just the well-known port 135 and 445 signatures. I also run a web server on this honeypot and I hoped to increase attacks with this "annoying" tactic. Maybe you can compare this with fishing and my lure was bad or I simply had no luck. :-) Or maybe I proofed that P2P users are harmless and never attack anybody. :-) Cheers! Stephan
Current thread:
- Honey VS Vinegar Polazzo Justin (Oct 27)
- Re: Honey VS Vinegar Valdis . Kletnieks (Oct 27)
- <Possible follow-ups>
- Re: Honey VS Vinegar the rxmr (Oct 27)
- Re: Honey VS Vinegar Jeff Bryner (Nov 01)
- AW: Honey VS Vinegar Stephan Riebach (Nov 02)
- Re: AW: Honey VS Vinegar Adam Graham (Nov 02)
- RE: Honey VS Vinegar lubomir nistor (Nov 02)
- Re: Honey VS Vinegar Jeff Bryner (Nov 01)