Penetration Testing mailing list archives
Re: A kind of Honeypot
From: Lance Spitzner <lance () honeynet org>
Date: Thu, 21 Jun 2001 09:45:49 -0500 (CDT)
On Wed, 20 Jun 2001, Nicolas Gregoire wrote:
I plan to make a website just for my pen-tests. This website grabs as much as possible info from the visitors (IP, browser, proxy, etc ..), tries to exploit some common vulns of browsers (Guninski's page is a good start for this) and hosts a passive fingerprinting app. The victims are "spammed" with some misc. content (p0rn, free CD/DVD, jokes) linking (or redirecting) to the site. Has anybody ever do that ?
Hmm, I have done this before, but for different reasons. When I do assessments, I like to run a simple honeypot on my laptop. Consider this a passive assessment, while you are out looking for issues, things might come looking for you (viruses, trojans, scanners, etc). Good way to find is someone is being naughty. For example, one time I was conducting an assessment of a organization in Asia. Thirty minutes prior to a presentation I was to give to the board of directors, my laptop was attacked, as an attacker was scanning the company's network. The honeypot software was attacked, and recorded the entire session. This was great evidence to give to the board of directors, as it validated to them why I was conducting the assessment. I had proof that the bad guys were hitting their network, and the attackers were not friendly. At the time I was using BOF by NFR, but this is no longer available. One commercial honeypot solution that may work for you laptop is Specter (www.specter.com). lance
Current thread:
- A kind of Honeypot Nicolas Gregoire (Jun 20)
- Re: A kind of Honeypot max (Jun 21)
- Re: A kind of Honeypot Nexus (Jun 21)
- RE: A kind of Honeypot Andrew van der Stock (Jun 21)
- Re: A kind of Honeypot Lance Spitzner (Jun 21)
- <Possible follow-ups>
- Re: A kind of Honeypot Antonio Stano (Jun 22)