Honeypots mailing list archives

Re: Honeypot/net IDS System


From: captgoodnight () acsalaska net
Date: Sun, 22 Feb 2004 19:39:36 -0900

On Sunday 22 February 2004 04:55 pm, Michael Robinton wrote:

> http://jackass.tekno.chalmers.se/dp03-17/
>
> I'm puzzled by everyone's interest in "fake honeypot" systems. I've run a
> couple of them for several years and there is almost NO traffic even
> though I have a bunch of email addy's on web pages for spamscrapers to
> find.
>
> Running a tarpit as the front end of our mail system catches bunches of
> spammers. Why wouldn't you do that instead? It is much more effective and
> eliminates the spam from our incoming MTA as well as killing the net
> traffic associated with the spam. Since spam outnumbers real messages by
> more than 10 to 1 (at least here), this is beneficial.
>
> Michael

Can't say that myself, I have tons of traffic. Fake apache, fake telnet, fake 
ftp and fake ssh. Oh, what I've learned in the past three months from all the 
junk; helps me understand what's going on out there in the wild. Some slick 
tactics, but most are repeats. About 5-10 smacks a day. Lots to learn, often 
the most unseen things push us forward, day one - hook up the honeypot, day 
two, strategies in packet-crafting...packet crafting too... on and on. 
Nothing to be puzzled about lad, it's just another tangent in the method. 
Fairly simple. Learn on the constant move, while my tarpit brings up the 
side, and on and on...It's cool having other machines in the lab for curious 
George tendencies ;) Now go play in your tarpit, there has to be something 
there to keep ya busy ;)

Just a penguin flapping his wings,

cg

PS- Can we make a rule, one that states that no person since the first mouse 
and dial up 300/1200 BBSs can use the word { addy }. Ugrh, it even hurts my 
fingers to type.

