Honeypots mailing list archives
Re: Know Your Enemy: GenII Honeynets
From: Mike Clark <mike () honeynet org>
Date: Wed, 16 Apr 2003 01:44:54 +0000 (GMT)
> choose an arbitrary port to have things report on such as 30519 or something, and have the logging facility listen for that port, while on the honeypot itself all other traffic such as their SSH/IRC/etc connections would still be visible.
Well, you never know what port an attacker will use as a backdoor. Small chance it'd be the specified port, but it could be. As George mentioned, it does not hide based on the honeypot's MAC, which should address much of your concerns :)

As for the paper, while gen 2 technology is "old" it still should be documented. And now it is :)

Mike Clark