Penetration Testing mailing list archives

RE: A kind of Honeypot

From: "Andrew van der Stock" <ajv () e-secure com au>
Date: Thu, 21 Jun 2001 13:43:12 +1000

Pr0n sites do it all the time. Don't browse them with JavaScript turned on.

However, realistically, honeypots and similar ilk are man-traps. I feel
you'd get more information from running a useful web site, and looking your
web logs.

Andrew

-----Original Message-----
From: Nicolas Gregoire [mailto:nicolas.gregoire () 7thzone com]
Sent: Wednesday, 20 June 2001 18:43
To: pen-test () securityfocus com
Subject: A kind of Honeypot


Hi all,

I plan to make a website just for my pen-tests.

This website grabs as much as possible info from the visitors (IP,
browser, proxy, etc ..), tries to exploit some common vulns of browsers
(Guninski's page is a good start for this) and hosts a passive
fingerprinting app.
The victims are "spammed" with some misc. content (p0rn, free CD/DVD,
jokes) linking (or redirecting) to the site.

Has anybody ever do that ?

Nicob

Current thread:

A kind of Honeypot Nicolas Gregoire (Jun 20)
- Re: A kind of Honeypot max (Jun 21)
- Re: A kind of Honeypot Nexus (Jun 21)
- RE: A kind of Honeypot Andrew van der Stock (Jun 21)
- Re: A kind of Honeypot Lance Spitzner (Jun 21)
- <Possible follow-ups>
- Re: A kind of Honeypot Antonio Stano (Jun 22)