Honeypots mailing list archives

Re: Does it really take so long to get a bite?


From: Martim Carbone <martim.carbone () ic unicamp br>
Date: Sat, 7 Dec 2002 23:39:27 -0200 (BRST)

If you want some results fast, I suggest you set up a Windows box running a
vulnerable version of IIS... your honeypot will get compromised in no
time, believe me.

Other than that, try putting some more vulnerable services in your
honeypot. It's also a good idea to look into the exploitation rate (in the
wild) of the vulnerabilities you planted in the honeypot. Perhaps if you
plant one or two from the "10 most exploited list", it won't take so long
for your honeypot to be compromised.

-- 
------------------------------------------
*          Martim d'Orey Carbone         *
* Computer Science Undergraduate Student *
*    Institute of Computing - UNICAMP    *
* ====================================== * 
*   http://www.ic.unicamp.br/~ra002193   *
------------------------------------------

"Many are the strange chances of the world, and help oft shall come from
the hands of the weak when the Wise falter." - Gandalf


-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/M dpu@>!d  s+++:--- a20 C++(+++) UL+++ P+>+++ L+++@ E(+) W++
N++ o? K- w--() O- M- V-- !PS !PE Y+ PGP+>+++ t+ 5++ X+@ R+@ 
tv--(-) b++>+++ DI(+)@ D++ G e>++++ h(+) r-() y+
------END GEEK CODE BLOCK------

On Fri, 6 Dec 2002, marc wrote:

We set up a honeynet two weeks ago.  So that it's not too simple (didn't
want to just capture the first script kiddy), the only vulnerability on it
is an old openssh.

Watching the logs, the chkrootkit, the IDS, the network traffic, etc., show
us nothing!  Lots and LOTS of scans, mostly for nbname.

How long does it take to get a hit?  Previous reading and anecdotes said
that some boxes are compromised within 15 mins of being hooked up to the
network.


marc



