Honeypots mailing list archives
Re: Introducing the Tactical Honeynet Deployment Project
From: "Jeremy Pierson" <BLOX () COX NET>
Date: Mon, 1 Sep 2003 9:16:29 -0700
You could make a fake DF command which just cats a bogus DF snapshot to the screen. Ages ago when I was doing harmless hacking around, I would run my scripts as common system/user processes so nobody would be suspicious. Anyway, in this case you could run a buncha bogus processes under legit process names. However, you might want to use real paths to execute them from since PS -X will show the full paths. jer "On Sun, 31 Aug 2003 10:21:39 PDT, greg () sixx com said: "> I'm interested in honeypots and tarpits, but I'm also seriously "> suffering from newbieism. Why are only script kiddies the ones being "> caught? What is it that black hats are seeing that keeps them from "biting? "The clued black hats are for the most part busy running targeted attacks "on specific sites. If you're a black hat planning a run on Foobar "Corp's website to harvest some credit card numbers, you're not going to "hit Foobar's honeypot unless they leave a lot of red herrings that flag "the box as a backend server. "And if they DO hit it, they're gonna do a 'df' and a 'ps' and if it "doesn't smell right, they are OUTTA there./ " "-----BEGIN PGP SIGNATURE----- "Version: GnuPG v1.2.2 (GNU/Linux) "Comment: Exmh version 2.5 07/13/2001 " "iD8DBQE/Ur1ucC3lWbTT17ARAk6KAKD1sRNWUPP2wQRvodZgygqyube4sACePsIH "EFpRwXZnXtPpPb5tyIpvWj4= "=5xc+ "-----END PGP SIGNATURE----- "
Current thread:
- Re: Introducing the Tactical Honeynet Deployment Project, (continued)
- Re: Introducing the Tactical Honeynet Deployment Project Damian Menscher (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Lance Spitzner (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Brenton (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Brenton (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Tom Britten (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Thomas Jones (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Valdis . Kletnieks (Sep 01)
- Re: Introducing the Tactical Honeynet Deployment Project Scott Garman (Sep 02)
- Re: Introducing the Tactical Honeynet Deployment Project Chris Reining (Sep 02)