Honeypots mailing list archives
Re: DNS honeypots?
From: Jason Ross <algorythm () gmail com>
Date: Tue, 2 Mar 2010 17:57:16 -0500
On Tue, Mar 2, 2010 at 4:48 PM, <Valdis.Kletnieks () vt edu> wrote:
> On Tue, 02 Mar 2010 15:00:43 EST, Jason Lewis said:
>> Anyone have any pointers to dns honeypots or maybe just BIND configurations that would allow logging of malicious queries without actually executing them?
>
> Out of curiosity, how do you get traffic directed to the honeypot without listing it in an NS entry for an SOA? Give it a hostname like ns1.exampe.com and hope that works?

There's quite a lot of (bad and good) bots "out there" looking for DNS servers, particularly ones that appear to permit recursive queries to the Internet. Just leaving a box on the net that meets those criteria will collect a fair amount of queries.

--
jason
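
An added example, not code from this thread or from any poster: a minimal UDP listener in the spirit of what is asked for above, which logs each query and answers as if recursion were available without ever resolving anything. The reply carries zero answers and only echoes the question, so it is never larger than the query and the box cannot serve as an amplifier. Port 5300, the function names and the `SAMPLE` packet are assumptions made for the illustration.

```python
import socket
import struct

QTYPES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}

# Constructed sample: recursive (RD=1) ANY query for example.com, id 0x1234.
SAMPLE = (bytes.fromhex("123401000001000000000000")
          + b"\x07example\x03com\x00" + struct.pack("!HH", 255, 1))

def parse_query(data):
    """Parse the header and the single question; return None if malformed."""
    if len(data) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if flags & 0x8000 or qdcount != 1:   # a response, or not exactly one question
        return None
    labels, pos = [], 12
    while pos < len(data) and data[pos] != 0:
        length = data[pos]
        if length > 63 or pos + 1 + length > len(data):   # pointer byte or overrun
            return None
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(data):              # need root label + QTYPE + QCLASS
        return None
    qtype = struct.unpack("!H", data[pos + 1:pos + 3])[0]
    return {"id": qid, "flags": flags, "end": pos + 5,
            "qname": ".".join(labels) or ".", "qtype": QTYPES.get(qtype, str(qtype))}

def handle(data, src):
    """Return (log line, reply or None). Nothing is ever resolved upstream."""
    q = parse_query(data)
    if q is None:
        return f"{src[0]}:{src[1]} malformed len={len(data)}", None
    # QR=1, RA=1, opcode and RD echoed, RCODE=0, zero answers: header plus the
    # echoed question only, so the reply is never larger than the query.
    header = struct.pack("!HHHHHH", q["id"], 0x8080 | (q["flags"] & 0x7900), 1, 0, 0, 0)
    rd = (q["flags"] >> 8) & 1
    return f"{src[0]}:{src[1]} rd={rd} {q['qtype']} {q['qname']}", header + data[12:q["end"]]

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 5300))   # assumed unprivileged test port
    while True:
        data, src = sock.recvfrom(4096)
        line, reply = handle(data, src)
        print(line, flush=True)
        if reply:
            sock.sendto(reply, src)
```

Any EDNS or other trailing records in the query are dropped from the reply, which keeps the response at or below the size of what was received.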