funsec mailing list archives
Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc.
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Mon, 5 Jun 2006 00:26:45 -0400
On 6/4/06, Fergie <fergdawg () netzero net> wrote:
The user-interaction angle in the one that I'm really talking anout here. Bots generally "spread" one of two ways: Either by actively infecting via scanning and infecting an unpatched OS flaw (e.g. the MS05-039 PnP vulnerrability/exploit), or via a user clicking on a dirty link & unwittingly installing the code (or a backdoor downloader which, in turn, can install the bot code itself). The latter, I think, is what we are seeing much more of these days, and to that end, I'm not really seeing that a honeynet is of much utility in that regard. Would love to hear opinions on this, however. :-)
Sounds like you already know the answer. Some exploits are found by honeymonkies, some expoits are found by honeypots. It would be pretty nifty if someone would come up with a honeymonkey that would use the cache if the local dns server as a list of "to be browsed". You could then analyze what the honeymonkies found and see if any users brought malware into your network that day. /babble -JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Fergie (Jun 03)
- <Possible follow-ups>
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Fergie (Jun 04)
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Dude VanWinkle (Jun 04)
- RE: Thinking out loud: On the value of honeynets, trojans, botnets, etc. StyleWar (Jun 04)
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Fergie (Jun 04)
- RE: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Fergie (Jun 04)
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Blue Boar (Jun 05)
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Dude VanWinkle (Jun 05)
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Valdis . Kletnieks (Jun 05)
- Re: Thinking out loud: On the value of honeynets, trojans, bo tnets, etc. Blue Boar (Jun 05)