Honeypots mailing list archives

Re: profiling honeypots..

From: paul <xml () mailandnews com>
Date: 07 Apr 2003 14:38:34 +0100

On Mon, 2003-04-07 at 13:07, Garrett Sinfield wrote:

Perhaps 'hackers' that have some potential skill, and who pose a serious 
security threat might have a list, but I highly doubt that script kiddies 
(the people that the honeypots usually attract) have a list of sites, and 
addresses of honeypots. Just my .02 cents.


I got one guy from Italy who was logging in day after day, finding
his rootkits missing (I rewound vmware) and just went and downloaded
and installed them time after time. I finally decided on a new policy,
any visitors are allowed in but whenever they download anything
I firewall access to that box so they can't use it again and
have to get stuff from elsewhere.

Still, I find it highly improbable that anyone who's visited my
honeypots is capable of a feat of organisation as suggested. Nobody
so far has hardly even had a sniff around the honeypot, never mind
the LAN, nor even done a traceroute.

Paul

Current thread:

Re: profiling honeypots.., (continued)
- Re: profiling honeypots.. Dominik Lupinski (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
  - Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
    - Re: profiling honeypots.. Bernie, CTA (Apr 07)
    - RE: profiling honeypots.. Toby Miller (Apr 07)
    - RE: profiling honeypots.. Nigel Clarke (Apr 07)
    - RE: profiling honeypots.. Toby Miller (Apr 07)
    - RE: profiling honeypots.. Nigel Clarke (Apr 07)
    - RE: profiling honeypots.. Bernie, CTA (Apr 07)
- Re: profiling honeypots.. Garrett Sinfield (Apr 07)
  - Re: profiling honeypots.. paul (Apr 07)
- RE: profiling honeypots.. mb_lima (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
  - Re: profiling honeypots.. Seth Arnold (Apr 07)
- RE: profiling honeypots.. Golomb, Gary (Apr 07)