Re: Introducing the Tactical Honeynet Deployment Project

["Tom Britten" <tomb () antenseven net>]

    I think that one key thing your missing in the equation is motivation.
It is not simply making a honeypot/honeynet believable to a more advanced
person.  The key lies in why would they attack your site.  What is the gain,
what type of information is available, what resources can be acquired by
gaining entry/access.
    I believe that the Tactical Honeynet Deployment Project brings up these
ideas in their deception and control.  They don't quite come out and say it
in the same manner but the thought is there.....I think.  The other part of
the solution does lie in convincing them that this is a real valuable host.
    Further more, a lot of blackhats are doing the same research that we are
but in reverse.  And this affects the type of hosts that they attack, as in
they aren't looking for a machine that every possible exploit on it.  These
are people building there own exploits or discovering ones that we don't yet
know about. My two cents. ^_^
    The last comment I would make is that most of the things that set people
off about whether or not a system is real is almost impossible to hide.  The
only way to truly do this would be to build a new distro that has all the
features in it, for it is very difficult to transform a current distro.
Start with LFS and slowly work your way up adding bogus commands and
services.  Not an easy task by any means, but I think that would be the best
possible solution.  Maybe that is a project worth starting. Let me know your
thoughts.

Tom Britten
Sr. Systems Engineer

----- Original Message -----
From: <greg () sixx com>
To: <honeypots () securityfocus com>
Sent: Sunday, August 31, 2003 1:21 PM
Subject: Re: Introducing the Tactical Honeynet Deployment Project


> I'm interested in honeypots and tarpits, but I'm also seriously suffering
> from newbieism.  Why are only script kiddies the ones being caught? What
> is it that black hats are seeing that keeps them from biting?
>
> Greg
>
> > Dear honeynet community,
> > This e-mail is to inform anyone interested of the establishment of the
> > Tactical Honeynet Deployment Project ( http://www.thdp.org ).
> >
> > Currently there are several honeynet and honeypot projects in existance
> > and
> > I think everyone would agree with me if I said: "it seems like the last
> > thing the honeynet research community needs is another project doing the
> > same old thing..." but at the same time I think we can each agree
honeynet
> > research has been struggling as of late. Something has been missing.
> > Script-kids are the only ones getting "caught", or "biting the bait" so
to
> > speak. The Tactical Honeynet Deployment Project, with a complete focus
on
> > the concepts of deception, psychology, and control, hopes to transform
the
> > honeypot from a tool hacked only by neophyte script-kids, to a more
> > advanced
> > system of deployment that will be capable of studying the more
> > sophisticated
> > class of blackhats.
> >
> > As of now, our project is just being established and we have very few
> > members. For this reason, if you have been in the study of honeynet
> > research
> > for a while and are ready to take your honeynet designs to the next
level,
> > we would be interested in sharing your insights in our project's pages.
> >
> > If our project's website (available at http://www.thdp.org) sounds like
> > something you would be interested in participating in, it would be a
great
> > opportunity for us to work together in making today's limited honeynet
> > implementations into something more.
> >
> > Regards,
> >
> > Michael Anuzis, CCNA
> > Network Security Consultant
> > Mobile: 248.376.7030
> > CTO, Advanced DataTactics, Inc.
> > CTO, Advanced InfoTactics, Inc.
> > Project Coordinator: http://www.thdp.org
> >
> > _________________________________________________________________
> > Get MSN 8 and help protect your children with advanced parental
controls.
> > http://join.msn.com/?page=features/parental