Honeypots mailing list archives
Re: FreeBSD and honey pots [ Re: Snort inline for openbsd? ]
From: "Alan Neville" <aneville () isiclabs com>
Date: Tue, 4 Mar 2003 22:34:00 -0000
Garrett:

Once the honeypot is compromised, it is possible for the intruder to discover the offsite logging system, at which point they may disable it. Although, all logs are sent to the logging server live, so everything right up to the moment of the remote log server being disabled is recorded and uploaded. An idea to think about would be to set up a secondary logging server so, if the connection is disabled by an intruder, the second one will kick in and log.

Also, be sure to check out the following papers by Eric S. Hines:

http://www.fatelabs.com/syslog.pdf
http://www.fatelabs.com/flyingspigs.pdf

If you require additional information, please by all means contact me.

Best Regards,
Alan Neville

----- Original Message -----
From: "Garrett Sinfield" <garrettsinfield () hotmail com>
To: <honeypots () securityfocus com>
Cc: <loki () fatelabs com>
Sent: Tuesday, March 04, 2003 1:04 PM
Subject: Re: FreeBSD and honey pots [ Re: Snort inline for openbsd? ]
Hi,

I have a honey pot setup that sounds similar to yours ph33r and I was just curious if it was possible for the more 'advanced' people who penetrate your honeypot, to be able to figure out your connection to the remote logging server and terminate it. Is it possible? (I'd like to know before I try to set up remote logging).

-Garrett Sinfield
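The secondary-collector idea from the reply above, as an added example (not code from either poster or from the cited papers): a forwarder that tries an ordered list of log collectors, records the moment of failover on the collector that takes over, and keeps undelivered lines until some collector accepts them. The class name, the `FAILOVER` record format, the TCP transport and the addresses are all assumptions made for illustration.

```python
import socket
import time

def tcp_sender(host, port, timeout=2.0):
    """Return a callable that ships one log line to host:port over TCP."""
    def send(line):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(line.encode() + b"\n")
    return send

class FailoverForwarder:
    """Deliver each log line to the first collector in the list that accepts it."""

    def __init__(self, senders, clock=time.time):
        self.senders = senders        # ordered [(name, send_callable), ...]
        self.clock = clock
        self.active = senders[0][0]   # collector that took the last line
        self.spool = []               # lines no collector has accepted yet

    def forward(self, line):
        self.spool.append(line)
        for name, send in self.senders:
            try:
                if name != self.active:
                    # Losing a collector is itself an event worth recording.
                    send(f"FAILOVER ts={int(self.clock())} from={self.active} to={name}")
                while self.spool:
                    send(self.spool[0])   # drop a line only after it was sent
                    self.spool.pop(0)
            except OSError:
                continue                  # unreachable: try the next collector
            self.active = name
            return name
        return None                       # all collectors down; line stays spooled

if __name__ == "__main__":
    # Constructed addresses (TEST-NET-1) and a constructed log line.
    fw = FailoverForwarder([
        ("primary", tcp_sender("192.0.2.10", 514)),
        ("secondary", tcp_sender("192.0.2.11", 514)),
    ])
    print("delivered to:", fw.forward("<38>Mar  4 22:34:00 honeypot sshd[412]: constructed sample line"))
```

Because the primary is tried first on every line, delivery returns to it as soon as it is reachable again, and the `FAILOVER` record on the secondary marks when the primary stopped accepting logs.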