Re: http fake service

[gminick <gminick () hacker pl>]

On Sun, Feb 09, 2003 at 12:08:01PM -0800, Alberto Gonzalez wrote:
>   Mos't attackers/worms identify a server with its banner. With a HTTP
> emulation (fake) you can emulate ANY banner you want. If this is a
> research honeypot, you will probably be receiving plenty of exploits if
> you emulate some old vulnerabile IIS stuff[1].
You're right, but then you're losing a possibility to look what they're
doing after the exploit succeeds. That kind of honeypot is easier to 
play with, but you lose a lot, no way to capture their tools, maybe some
IRC talks, behaviors after break-in...

ps. please, cut useless quotes and signatures.

-- 
[ ] gminick (at) underground.org.pl  http://gminick.linuxsecurity.pl/ [ ]
[ "Po prostu lubie poranna samotnosc, bo wtedy kawa smakuje najlepiej." ]