Honeypots mailing list archives

Re: Introducing the Tactical Honeynet Deployment Project


From: "Jeremy Pierson" <BLOX () COX NET>
Date: Mon, 1 Sep 2003 9:16:29 -0700

You could make a fake DF command which just cats a bogus DF snapshot to the screen.

Ages ago when I was doing harmless hacking around, I would run my scripts as common system/user processes so nobody 
would be suspicious.  Anyway, in this case you could run a buncha bogus processes under legit process names.  However, 
you might want to use real paths to execute them from since PS -X will show the full paths.

jer


"On Sun, 31 Aug 2003 10:21:39 PDT, greg () sixx com  said:
"> I'm interested in honeypots and tarpits, but I'm also seriously
"> suffering from newbieism.  Why are only script kiddies the ones being
"> caught? What is it that black hats are seeing that keeps them from
"> biting?
"The clued black hats are for the most part busy running targeted attacks 
"on specific sites.  If you're a black hat planning a run on Foobar
"Corp's website to harvest some credit card numbers, you're not going to
"hit Foobar's honeypot unless they leave a lot of red herrings that flag
"the box as a backend server.
"And if they DO hit it, they're gonna do a 'df' and a 'ps' and if it
"doesn't smell right, they are OUTTA there.
"
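
A decoy `df` along the lines suggested in the message above, as an added example that is not part of the original post: it derives the Available and Use% columns from the fabricated totals so the snapshot is internally consistent, and it logs each invocation for the honeypot operator. The device names, sizes, log path and function names are all constructed for illustration.

```shell
#!/bin/sh
# Decoy df for a honeypot (added example, not code from the thread).
# All devices, sizes and the log path below are constructed sample data.

DECOY_LOG="${DECOY_LOG:-/tmp/decoy_df.log}"   # assumed log location

# Fabricated table: device  total_1K_blocks  used_1K_blocks  mount_point
decoy_table() {
cat <<'EOF'
/dev/sda1 4127076 1843212 /
/dev/sda2 101089 9426 /boot
/dev/sda5 20642428 15230904 /var
/dev/sda6 8254240 4310556 /home
EOF
}

# Print the table in the layout of `df -k`.
# Available is derived from total and used, holding back 5% the way
# ext2/ext3 reserve blocks for root, so the columns agree with each other.
decoy_df() {
    printf '%-20s %9s %9s %9s %4s %s\n' \
        Filesystem 1K-blocks Used Available Use% "Mounted on"
    decoy_table | while read -r dev total used mnt; do
        reserved=$(( total * 5 / 100 ))
        avail=$(( total - reserved - used ))
        # Percentage rounded up, as GNU df does: ceil(used / (used + avail))
        pct=$(( (used * 100 + used + avail - 1) / (used + avail) ))
        printf '%-20s %9d %9d %9d %3d%% %s\n' \
            "$dev" "$total" "$used" "$avail" "$pct" "$mnt"
    done
}

# Record when the decoy ran, as which uid, and with which arguments,
# then answer with the fabricated table.
decoy_main() {
    printf '%s uid=%s args=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -u)" "$*" >> "$DECOY_LOG"
    decoy_df
}

# When installed as the decoy binary, the script would end with:
#   decoy_main "$@"
```

The log gives the operator a timestamped record of every time an intruder checks the disk layout, which is the moment the quoted message says they decide whether the box "smells right".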

