Honeypots mailing list archives

Re: Know Your Enemy: GenII Honeynets


From: Mike Clark <mike () honeynet org>
Date: Wed, 16 Apr 2003 01:44:54 +0000 (GMT)


choose an arbitrary port to have things report on such as 30519 or
something, and have the logging facility listen for that port, while on the
honeypot itself all other traffic such as their SSH/IRC/etc connections
would still be visible.


Well, you never know what port an attacker will use as a backdoor. Small
chance it'd be the specified port, but it could be. As George mentioned,
it does not hide based on the honeypot's MAC, which should address much of
your concerns :)

As for the paper, while gen 2 technology is "old", it still should be
documented. And now it is :)

Mike Clark

