Honeypots mailing list archives

Re: honeyd script files

From: Till Dörges <td () pre-secure de>
Date: Thu, 10 Nov 2005 11:03:42 +0100

Hi,

andy spencer wrote on 03.11.2005 10:09:

father to come so far], but I am failing to find any port scripts for
ports that are being attacked.
I found out that 135(NET Bios), 445(CIFS), 1026 and 1027 (Microsoft scheduling
port ? and MSN messenger ?) are frequently scanned ports, but I
couldn't find any scripts
either by their port number or their function.
I hope you can help me to find some scripts.


Try this URL:

  http://honeynet.rstack.org/tools.php
  - FakeNetbiosDGM (NetBIOS Datagram)
  - FakeNetbiosNS (NetBIOS Name Service)


Additionally these 2 projects could be of interest. They are not honeyd
plugins but you might be able to integrate them with honeyd:

  http://nepenthes.sourceforge.net/
  http://www.mwcollect.org/

Regards -- Till
-- 
Dipl.-Inform. Till Dörges                  PRESECURE (R)
Researcher                               Consulting GmbH
Phone: +49 (0)700 / PRESECURE           td () pre-secure de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

Current thread:

honeyd script files andy spencer (Nov 03)
- Re: honeyd script files Till Dörges (Nov 10)