Honeypots mailing list archives
honeyd-SSH validity?
From: Thomas Jones <thomas.jones () linux-howtos com>
Date: Wed, 3 Sep 2003 02:15:06 -0500
Hello all,

I have been studying various attempts/capabilities by myself to fingerprint and/or banner grab my honeyd system from within my own LAN. Now, I know that this is a low-level system with limited user interaction. However, the SSHD script does not provide for emulation of a service response if the client queries the server verbosely during a connection attempt, i.e.

    ssh -a -l root -v -v -v server.domain.tld

This provides the client with the server protocol version and vice versa, but the exchange of any other information for "verbose debugging" is met with a RST.

It would seem to me that an advanced attacker would want access to as much data as possible with one connection, so as to limit traffic exposure on the target network.

Any ideas on how to accomplish the emulation of the sshd daemon to look/seem valid under a debug scenario? I have captures, if anyone needs further explanation.

TIA.

--
Thomas Jones
Linux-Howtos Network Administrator
OpenGPG Key: 0x6A3DF6E9
Current thread:
- honeyd-SSH validity? Thomas Jones (Sep 03)
- Re: honeyd-SSH validity? Niels Provos (Sep 03)
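After the version exchange, an SSH client expects the server's SSH_MSG_KEXINIT packet (RFC 4253) carrying its algorithm lists. The following added example, which is not part of the original post or of honeyd, parses the bytes a server sent and reports whether that packet followed the banner, as a fidelity check for an emulation script. The function names, field labels and sample banner are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number defined in RFC 4253
# Labels for the ten name-lists in KEXINIT order (this example's own names).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_server_stream(data):
    """Return (banner, name_lists) for server bytes; name_lists is None
    when no complete KEXINIT packet follows the identification line."""
    banner, rest = None, data
    while b"\n" in rest:  # other lines may precede the "SSH-" line
        line, rest = rest.split(b"\n", 1)
        if line.startswith(b"SSH-"):
            banner = line.rstrip(b"\r").decode("ascii", "replace")
            break
    if banner is None or len(rest) < 5:
        return banner, None
    # Binary packet: uint32 packet_length, byte padding_length, payload, padding
    pkt_len, pad_len = struct.unpack(">IB", rest[:5])
    if pad_len + 1 >= pkt_len or len(rest) < 4 + pkt_len:
        return banner, None  # malformed or truncated packet
    payload = rest[5:4 + pkt_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        return banner, None
    off, lists = 17, {}  # skip the type byte and the 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            return banner, None
        (n,) = struct.unpack(">I", payload[off:off + 4])
        raw = payload[off + 4:off + 4 + n]
        if len(raw) < n:
            return banner, None
        lists[name] = raw.decode("ascii", "replace").split(",") if raw else []
        off += 4 + n
    return banner, lists

def build_kexinit(lists):
    """Build an unencrypted KEXINIT packet (zero cookie) for the samples."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    body += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    pad = 16 - (len(body) + 5) % 8  # pad >= 4, total length a multiple of 8
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)

# Constructed samples: a banner-only reply, and a banner followed by KEXINIT.
BANNER_ONLY = b"SSH-2.0-ExampleSSHD_1.0\r\n"
FULL = BANNER_ONLY + build_kexinit({"kex": ["diffie-hellman-group14-sha1"],
                                    "host_key": ["ssh-rsa"]})
```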