Penetration Testing mailing list archives
Re: Honeypot detection and countermeasures
From: Acl Proxy <aclproxy () yahoo com>
Date: 19 Jun 2003 19:03:18 -0000
In-Reply-To: <20030617150317.F11919 () red4est com>

So far in every pen test I've conducted most of the addressing information was known up front. So if I ran into a honeypot or honeynet, it was just part of the overall equation. The clients were interested in what I could hack into and what vulnerabilities were present and needed to be closed. They weren't interested in paying me or my company $$ to waste time on whether I could evade a honeypot or not. It wasn't a test of my abilities, but of their security posture at that moment in time.

And always remember, the only dumb question is the one you don't ask. How are you ever going to learn without reading, trying and asking questions?

Date: Tue, 17 Jun 2003 15:03:17 -0700
From: Larry Colen <lrcrypto () red4est com>
To: pen-test () securityfocus com
Subject: Honeypot detection and countermeasures
Message-ID: <20030617150317.F11919 () red4est com>

I'm doing some research on honeypot detection, and preventing honeypots from being detected. I'd greatly appreciate some feedback from pen-testers on the following issues:

Do you worry about being detected by honeypots?

When you do a pen-test, do you already know of the existence of honeypots, and their location, so that it is an easy matter to avoid them?

If you are concerned about honeypots, how do you test to see if the system under attack is a honeypot or a production machine?

Thanks,
Larry