Honeypots mailing list archives

Re: Does it really take so long to get a bite?


From: Mike Clark <mike () honeynet org>
Date: Sun, 8 Dec 2002 23:43:33 +0000 (GMT)

Hardened honeynets need to be high value targets in my opinion.  Hardened
will defend against all the automated attacks out there,  they require
someone to be determined to get in.  So an e-commerce site would be a good
hardened honeynet.

Mike

I am wondering if hardened honeypots will ever get compromised? Let's
say that I run a honeypot with only one accessible service running. This
service is exploitable by code that's in the public domain, but would
require the attacker to search for it. What are the odds of compromise?
And better yet, let's say this honeypot is on residential internet
service. Does that factor play any role?

Have other honeypotters run a hardened system only to give up months
later after no compromise?

One of the interesting things the Honeynet Project has seen is different
operating systems attract different clientele.  Linux hackers tend to be
a different community than Solaris, OpenBSD, or Windows hackers.  We do
not have enough data to come to any conclusions, but something to keep
your eyes open for :)

What about Sparc hackers? Do they exist? I ran a Sparcstation honeypot
for a while and had the odd x86 exploit thrown at it but never
compromised. I have heard stories of Sparc honeypots up for years w/o
being hacked.

Chris



