Honeypots mailing list archives
Re: Honeypot/net IDS System
From: captgoodnight () acsalaska net
Date: Sun, 22 Feb 2004 19:39:36 -0900
On Sunday 22 February 2004 04:55 pm, Michael Robinton wrote:
http://jackass.tekno.chalmers.se/dp03-17/
I'm puzzled by everyone's interest in "fake honeypot" systems. I've run a couple of them for several years and there is almost NO traffic even though I have a bunch of email addy's on web pages for spamscrapers to find. Running a tarpit as the front end of our mail system catches bunches of spammers. Why wouldn't you do that instead? It is much more effective and eliminates the spam from our incoming MTA as well as killing the net traffic associated with the spam. Since spam outnumbers real messages by more than 10 to 1 (at least here), this is beneficial. Michael
Can't say that myself, I have tons of traffic. Fake apache, fake telnet, fake ftp and fake ssh. Oh, what I've learned in the past three months from all the junk; helps me understand what's going on out there in the wild. Some slick tactics, but most are repeats. About 5-10 smacks a day. Lot's to learn, often the most unseen things push us forward, day one - hook up the honeypot, day two, strategies in packet-crafting...packet crafting too... on and on. Nothing to be puzzled about lad, it's just another tangent in the method. Fairly simple. Learn on the constant move, while my tarpit brings up the side, and on and on...It's cool having other machines in the lab for curious George tendencies ;) Now go play in your tarpit, there has to be something there to keep ya busy ;) Just a penguin flapping his wings, cg PS- Can we make a rule, one that states that no person since the first mouse and dial up 300/1200 BBSs can use the word { addy }. Ugrh, it even hurts my fingers to type.
Current thread:
- Honeypot/net IDS System Daniel Roth (Feb 22)
- Re: Honeypot/net IDS System Michael Robinton (Feb 22)
- Re: Honeypot/net IDS System captgoodnight (Feb 22)
- RE: Honeypot/net IDS System Aditya, ALD [Aditya Lalit Deshmukh] (Feb 24)
- RE: Honeypot/net IDS System Michael (Feb 24)
- RE: Honeypot/net IDS System ravivsn (Feb 24)
- RE: Honeypot/net IDS System Michael (Feb 25)
- Re: Honeypot/net IDS System Valdis . Kletnieks (Feb 25)
- Re: Honeypot/net IDS System Ian Baker (Feb 24)
- Re: Honeypot/net IDS System Michael (Feb 25)
- RE: Honeypot/net IDS System Aditya, ALD [Aditya Lalit Deshmukh] (Feb 27)
- RE: Honeypot/net IDS System Michael (Feb 27)
- Re: Honeypot/net IDS System Niels Provos (Feb 27)
- Re: Honeypot/net IDS System Michael Robinton (Feb 22)