Security Basics mailing list archives

Re: setting up an insecure box


From: ptchinster <ptchinster () archlinux us>
Date: Mon, 27 Jul 2009 12:05:16 -0500

Any older software that has a known exploit out there, running on a not
up-to-date OS, will get broken into sooner or later. I have not done what
you are wanting to do yet, but I do have a server offering several
services on the internet and I get to see how people try to break in.

You could set up a web server on an old unpatched version of Windows.
Or, set up an ssh server and create a user called "guest" with a
password like "password" or "guest", or just null. Based on my ssh
logs you'll have somebody in your box real quick.

Whatever you do, make sure you are in control - don't let somebody take
over your box and then use it to attack others. Configure your box and
network, and the other boxes on the network, properly.

You may also want to check into honeypots.
http://www.honeyd.org/
You can make virtual computers on your network and associate a
script with a port. So in the config file you might have a line that
says, "port 80 is open; run scripts/web_server.pl when somebody
connects to it". Then you can have a fake, scaled-down web_server.pl
script that is custom built to allow one type of exploit. I know that's
how the people who investigate malware often do it - some new exploit
becomes known and they write a program to react as the exploitable
software would; then the payload comes and they have it saved. It's
all about control, knowing what is going on inside your box.

On Thu, Jul 23, 2009 at 9:07 AM, Rob Berk<rberk11 () yahoo com> wrote:

Hi,

I am a software developer with a newfound interest in computer security. Inspired by
a chapter from "Stealing the Network", I would like to set up an unpatched box to
observe and try to learn from: monitor the traffic, try to reverse engineer any
malware it gets. I have a few questions:
1) Is this realistic? Will setting up an insecure older box on my home network
actually attract any malicious code or people?
2) What software configuration would work best for this? In the book, the (fictional)
character sets up a box with Windows 2000 and IIS5, and catches the new worm within a
few minutes, but the book is a few years old. Would I want to use an unpatched
Windows Server 2003 with IIS6?

Also, any other suggestions are very much welcome.  Thanks!

R
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
-- 
--------------------------------
I am a traveler of both time and space, to be where i have been.
Many times I've wondered, how much there is to know...
And it makes me wonder...
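
The "somebody in your box real quick" part is visible in sshd's auth log,
and it is worth having a script that reads those lines rather than eyeballing
them. The following is an added example, not code from the post: a small
triage of OpenSSH/syslog-format auth lines that reports which sources are
guessing, which usernames they try (flagging ones that do not even exist),
and how many seconds passed between the first guess and the first accepted
login on the bait account. The log lines are constructed; syslog omits the
year, so one is assumed when computing durations.

```python
#!/usr/bin/env python3
"""Triage sshd auth-log lines from a bait box with a weak "guest" account.

Added example, not from the post.  SAMPLE_LOG is constructed in the stock
OpenSSH/syslog format; a real /var/log/auth.log has the same shape.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Matches both "Failed password for invalid user X from ..." and
# "Accepted password for X from ...".  Other sshd lines are ignored.
SSHD_AUTH = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Constructed sample: two sources, one of them lands on "guest" in five seconds.
SAMPLE_LOG = """\
Jul 27 03:14:07 bait sshd[2311]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Jul 27 03:14:09 bait sshd[2313]: Failed password for root from 198.51.100.23 port 51240 ssh2
Jul 27 03:14:12 bait sshd[2315]: Accepted password for guest from 198.51.100.23 port 51251 ssh2
Jul 27 03:14:12 bait sshd[2315]: pam_unix(sshd:session): session opened for user guest by (uid=0)
Jul 27 03:20:01 bait sshd[2320]: Failed password for guest from 192.0.2.9 port 40022 ssh2
Jul 27 03:20:04 bait sshd[2322]: Accepted password for guest from 192.0.2.9 port 40030 ssh2
"""


def parse_sshd_line(line, year=2009):
    """Return a dict for Accepted/Failed auth lines, None for anything else.

    syslog timestamps carry no year, so the caller supplies one (assumed).
    """
    m = SSHD_AUTH.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "accepted": m["result"] == "Accepted",
        "method": m["method"],
        "user": m["user"],
        "invalid_user": bool(m["invalid"]),   # account does not exist on the box
        "src": m["src"],
        "port": int(m["port"]),
    }


def summarize(log_text, year=2009):
    """Who guessed, what they guessed, who got in, and how fast."""
    events = [e for e in (parse_sshd_line(l, year) for l in log_text.splitlines()) if e]
    failed_by_src = Counter(e["src"] for e in events if not e["accepted"])
    users_by_src = defaultdict(set)
    for e in events:
        users_by_src[e["src"]].add(e["user"])
    accepted = [(e["src"], e["user"], e["method"]) for e in events if e["accepted"]]
    first = events[0]["time"] if events else None
    first_ok = next((e["time"] for e in events if e["accepted"]), None)
    return {
        "failed_by_src": dict(failed_by_src),
        "users_by_src": {src: sorted(users) for src, users in users_by_src.items()},
        "nonexistent_users": sorted({e["user"] for e in events if e["invalid_user"]}),
        "accepted": accepted,
        "seconds_to_first_accept": (first_ok - first).total_seconds() if first and first_ok else None,
    }


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize(text).items():
        print(f"{key}: {value}")
```

Run it against a real auth.log with the path as the first argument. An
Accepted line for the bait account is the moment the box is no longer yours,
which is exactly when the egress filtering the post insists on has to already
be in place.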

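The honeyd "scaled-down service script" idea from the reply above, as an added
example that is neither the post's nor the honeyd project's code. It stands in
for the web_server.pl the reply mentions: honeyd hands the script the TCP
connection on stdin/stdout, the script parses one HTTP request far enough to
know how much body to read, writes everything it received (peer address,
headers, raw body as hex) to a JSON file, and answers with a plausible
response so a scanner or worm proceeds to its payload stage. Assumptions not
on the page: the HONEYD_IP_SRC / HONEYD_SRC_PORT / HONEYD_DST_PORT environment
variables (documented in the honeyd manual, check your build), the config line
add template tcp port 80 "python3 scripts/fake_http.py", the IIS banner, and
the capture directory; the sample request is constructed.

```python
#!/usr/bin/env python3
"""Honeyd-style fake HTTP service: record whatever connects, answer like a
real server so the client carries on to its payload stage.

Added example; not code from the post or from the honeyd project.  Assumptions
not stated on the page:
  * honeyd runs the script with the TCP connection on stdin/stdout and exports
    HONEYD_IP_SRC / HONEYD_SRC_PORT / HONEYD_DST_PORT (check `man honeyd`);
  * the matching config line is
        add template tcp port 80 "python3 scripts/fake_http.py"
  * captures are written under $FAKE_HTTP_CAPTURE_DIR (default ./captures).
"""
import io
import json
import os
import sys
import time

SERVER_BANNER = "Microsoft-IIS/5.0"  # assumed banner; imitate what you are baiting for
MAX_HEAD = 64 * 1024                  # cap on buffered request headers
MAX_BODY = 1024 * 1024                # cap on body so a flood cannot exhaust memory

# Constructed sample request; the body is arbitrary bytes standing in for a payload.
SAMPLE_REQUEST = (b"POST /cgi-bin/upload HTTP/1.0\r\nHost: bait\r\n"
                  b"Content-Length: 4\r\n\r\n\x90\x90\xcc\xcc")


def read_request(stream):
    """Parse one HTTP/1.x request: request line, headers, Content-Length body.

    Reads a byte at a time up to the blank line so nothing past the request is
    swallowed, then reads exactly Content-Length bytes (bounded by MAX_BODY).
    """
    head = bytearray()
    while not head.endswith(b"\r\n\r\n") and len(head) < MAX_HEAD:
        byte = stream.read(1)
        if not byte:            # peer closed before finishing the headers
            break
        head += byte
    lines = bytes(head).rstrip(b"\r\n").split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    try:
        length = max(int(headers.get("content-length", "0")), 0)
    except ValueError:          # garbage Content-Length: treat as no body
        length = 0
    body = stream.read(min(length, MAX_BODY)) if length else b""
    return {
        "method": parts[0],
        "target": parts[1] if len(parts) > 1 else "",
        "version": parts[2] if len(parts) > 2 else "",
        "headers": headers,
        "body": body,
        "truncated": length > MAX_BODY,
    }


def parse_request_bytes(raw):
    """Parse a request held in memory (handy for offline testing)."""
    return read_request(io.BytesIO(raw))


def build_response(req):
    """A plausible answer: correct status line and the banner we are imitating."""
    page = b"<html><body><h1>Under Construction</h1></body></html>"
    status = "200 OK" if req["method"] in ("GET", "HEAD", "POST") else "405 Method Not Allowed"
    head = (f"HTTP/1.1 {status}\r\nServer: {SERVER_BANNER}\r\n"
            f"Content-Type: text/html\r\nContent-Length: {len(page)}\r\n"
            f"Connection: close\r\n\r\n").encode("latin-1")
    return head if req["method"] == "HEAD" else head + page


def capture_record(req, env):
    """Everything worth keeping: who connected, when, and exactly what they sent."""
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src": env.get("HONEYD_IP_SRC", "?"),
        "src_port": env.get("HONEYD_SRC_PORT", "?"),
        "dst_port": env.get("HONEYD_DST_PORT", "?"),
        "method": req["method"],
        "target": req["target"],
        "headers": req["headers"],
        "body_hex": req["body"].hex(),  # hex keeps binary shellcode intact in JSON
        "truncated": req["truncated"],
    }


def save_capture(record, capture_dir):
    """Write one JSON file per connection; returns the path written."""
    os.makedirs(capture_dir, exist_ok=True)
    path = os.path.join(capture_dir, f"{int(time.time())}-{record['src']}-{os.getpid()}.json")
    with open(path, "w") as fh:
        json.dump(record, fh, indent=1)
    return path


def main():
    req = read_request(sys.stdin.buffer)
    save_capture(capture_record(req, os.environ),
                 os.environ.get("FAKE_HTTP_CAPTURE_DIR", "./captures"))
    sys.stdout.buffer.write(build_response(req))
    sys.stdout.buffer.flush()


if __name__ == "__main__":
    main()
```

The script deliberately implements nothing beyond reading and recording: it
never interprets the target path or executes anything from the body, which is
what keeps the "you stay in control" requirement from the reply intact while
still collecting the payload that follows the first probe.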