Honeypots mailing list archives
THDP
From: "Edward W. Ray" <support () mmicman com>
Date: Mon, 1 Sep 2003 14:00:47 -0700
Mr. Anuzis:

This is an idea which is a long time coming. I am currently working on a course/book for http://www.sans.org on Windows XP security. I have dabbled a little with honeypots but have not set up something like this.

A few days after the MS03-026 patch was released (July 16, 2003) I wanted to see if I could hack my own internal network via this vulnerability. I have a Windows 2003/XP LAN isolated from the internet via firewalls. The internal traffic is (almost) 100% IPSec encrypted via certificate authority. I wrote up a program in about 2 hours and was able to compromise my Windows 2003 Domain Controllers, File Servers, Print Servers and XP clients. If someone with limited knowledge in coding such as I was able to do it, I am sure others were able to be root more sensitive computers.

True blackhats are rarely ever caught. They are for hire by companies and governments to glean knowledge and information about their competitors. I have always wanted to set up a fictitious bank or company honeypot, complete with database and web servers. It should be locked down against all but the most sophisticated types of hack attempts. This would require effort on the part of multiple sites hosting interrelated honeypots.

As a home user with a 3 Mbps down/1.5 Mbps up connection I would be more than happy to volunteer. I would recommend a hybrid network composed of Linux, OpenBSD, Solaris and Windows machines.

Let me know if there is anything I can help with in regards to this project.

Regards,

Edward W. Ray
SANS GCIA, GCIH