Honeypots mailing list archives
Re: honeyd script files
From: Till Dörges <td () pre-secure de>
Date: Thu, 10 Nov 2005 11:03:42 +0100
Hi, andy spencer wrote on 03.11.2005 10:09:
father to come so far], but I am failing to find any port scripts for ports that are being attacked. I found out that 135(NET Bios), 445(CIFS), 1026 and 1027 (Microsoft scheduling port ? and MSN messenger ?) are frequently scanned ports, but I couldn't find any scripts either by their port number or their function. I hope you can help me to find some scripts.
Try this URL: http://honeynet.rstack.org/tools.php - FakeNetbiosDGM (NetBIOS Datagram) - FakeNetbiosNS (NetBIOS Name Service) Additionally these 2 projects could be of interest. They are not honeyd plugins but you might be able to integrate them with honeyd: http://nepenthes.sourceforge.net/ http://www.mwcollect.org/ Regards -- Till -- Dipl.-Inform. Till Dörges PRESECURE (R) Researcher Consulting GmbH Phone: +49 (0)700 / PRESECURE td () pre-secure de A daily view on Internet Attacks https://www.ecsirt.net/sensornet
Current thread:
- honeyd script files andy spencer (Nov 03)
- Re: honeyd script files Till Dörges (Nov 10)