Honeypots mailing list archives

RE: Honey VS Vinegar


From: "lubomir nistor" <lubon_ () web de>
Date: Tue, 2 Nov 2004 19:41:30 +0100

 
Hmm.. I think Stephan doesn't understand the concept of P2P..
He just increased traffic on the network, nothing else.. who would care to
look into the list of millions of IP addresses present on P2P networks?
Especially without knowing who is the source root in the distribution tree..

And I really enjoy observing those posting "HACK ME!" on IRC (and being
kicked after that :) 

The basic approach to problem solving is identification of the problem;
analysis and then resolution. I'm not sure whether trial by error would
comply with this, but it's not a very scientific approach.
I think the psychological approach is the best way. Just apply well
documented marketing strategies and tactics..

There is not much to be said here.. Just rtfmm (m stands for marketing :-)

Regards
      L

-----Original Message-----
From: honeypots-return-2920-lubon_=web.de () securityfocus com
[mailto:honeypots-return-2920-lubon_=web.de () securityfocus com] On Behalf Of
Stephan Riebach
Sent: Tuesday, November 02, 2004 12:30 PM
To: honeypots () securityfocus com
Subject: AW: Honey VS Vinegar

Reading all your posts I wondered if aggressive tactics do really provoke
new/interesting attacks. More precisely I wondered how far we should go?!

I tested some tactic earlier by installing a P2P client on a honeypot and
provoking attacks by "annoying" users. I created random data files with "dd"
and converted them to the mp3 format using lame
(http://lame.sourceforge.net/). I gave those fake files the names of famous
Top20 songs and provided the files with my KazaaLite client. I also provided
some really large faked files which I simply renamed as zip or rar archive,
e.g. "Windows2000Prof.zip" . The honeypot was online for 6 weeks and many
files were downloaded but really no new/unusual/special attack could be
detected in this time. Just the well-known port 135 and 445 signatures. I
also ran a web server on this honeypot and I hoped to increase attacks with
this "annoying" tactic.  Maybe you can compare this with fishing and my lure
was bad or I simply had no luck. :-)

Or maybe I proved that P2P users are harmless and never attack anybody. :-)


Cheers!
Stephan