Honeypots mailing list archives

THDP


From: "Edward W. Ray" <support () mmicman com>
Date: Mon, 1 Sep 2003 14:00:47 -0700

Mr. Anuzis:

This is an idea which is a long time coming.  I am currently working on a
course/book for http://www.sans.org on Windows XP security.  I have dabbled
a little with honeypots but have not set up something like this.  A few days
after the MS03-026 patch was released (July 16, 2003) I wanted to see if I
could hack my own internal network via this vulnerability.  I have a Windows
2003/XP LAN isolated from the internet via firewalls.  The internal traffic
is (almost) 100% IPSec encrypted via certificate authority.  I wrote up a
program in about 2 hours and was able to compromise my Windows 2003 Domain
Controllers, File Servers, Print Servers and XP clients.  If someone with
limited knowledge in coding such as I was able to do it, I am sure others
were able to root more sensitive computers.

True blackhats are rarely ever caught.  They are for hire by companies and
governments to glean knowledge and information about their competitors.  I
have always wanted to set up a fictitious bank or company honeypot, complete
with database and web servers.  It should be locked down against all but the
most sophisticated types of hack attempts.  

This would require effort on the part of multiple sites hosting interrelated
honeypots.  As a home user with a 3 Mbps down/1.5 Mbps up connection I would
be more than happy to volunteer.  I would recommend a hybrid network
composed of Linux, OpenBSD, Solaris and Windows machines.

Let me know if there is anything I can help with in regards to this project.

Regards,

Edward W. Ray
SANS GCIA, GCIH 

