Honeypots mailing list archives
Re: Does it really take so long to get a bite?
From: Chris Reining <creining () packetfu org>
Date: Sun, 8 Dec 2002 13:38:18 -0600
As many folks have disscussed, it depends on a variety of variables. Two years ago, RH 6.2 would have been hacked in hours. However, folks have moved onto new 'exploit-du-jour', so what was highly 'hackable' two years ago may take weeks or even months. When the OpenSSH exploit was released, it was possible for RH 6.2 or even RH 7.2 boxes to last longer then an unpatched OpenBSD box. So, TTL is often based on what the favored exploit happens to be at that time. Also, keep in mind, the harder your honeypot is to break into, the more you can learn. However, the harder it is to break into your honeypot, the more value you have to give it. If the bad guys just want systems, they will skip your harden honeypot and go for the easy kill. All depends on the type of clientle you wish to attrack.
I am wondering if hardened honeypots will ever get compromised? Let's say that I run a honeypot with only one accessible service running. This service is exploitable by code that's in the public domain, but would require the attacker to search for it. What are the odds of compromise? And better yet, let's say this honeypot is on residential internet service. Does that factor play any role? Have other honeypotters run a hardened system only to give up months later after no compromise?
One of the interesting things the Honeynet Project has seen is different operating systems attrack different clientle. Linux hackers tend to be a different community then Solaris, OpenBSD, or Window hackers. We do not have enough data to come to any conclusions, but something to keep your eyes open for :)
What about Sparc hackers? Do they exist? I ran a Sparcstation honeypot for awhile and had the odd x86 exploit thrown at it but never compromised. I have heard stories of Sparc honeypots up for years w/o being hacked. Chris
Current thread:
- Does it really take so long to get a bite? marc (Dec 07)
- RE: Does it really take so long to get a bite? Andrew Hintz (Drew) (Dec 07)
- Re: Does it really take so long to get a bite? Chris Reining (Dec 07)
- Re: Does it really take so long to get a bite? ktimm (Dec 07)
- Re: Does it really take so long to get a bite? Lance Spitzner (Dec 07)
- Re: Does it really take so long to get a bite? Mike Clark (Dec 08)
- Re: Does it really take so long to get a bite? Chris Reining (Dec 08)
- Re: Does it really take so long to get a bite? Mike Clark (Dec 09)
- Re: Does it really take so long to get a bite? Brian Hatch (Dec 09)
- Re: Does it really take so long to get a bite? Robert G. Ferrell (Dec 09)
- RE: Does it really take so long to get a bite? Greg van der Gaast (Dec 09)
- Re: Does it really take so long to get a bite? Anton A. Chuvakin (Dec 09)
- Re: Does it really take so long to get a bite? marc (Dec 09)
- Re: Does it really take so long to get a bite? Brian Hatch (Dec 10)
- Re: Does it really take so long to get a bite? TageTora (Dec 12)
- Re: Does it really take so long to get a bite? Brian Hatch (Dec 12)
- RE: Does it really take so long to get a bite? Andrew Hintz (Drew) (Dec 10)