Honeypots mailing list archives
Re: Virtual Honeypot Users
From: "Andrew R. Lamb" <arl7969 () it rit edu>
Date: Tue, 15 Jun 2004 07:13:48 -0400
Yes, it would be more of a task - again, self plug but if you visit my paper at http://www.lucidic.net/whitepapers/alamb-12-2001.html I emulated a "normal" user logging in and perfoming daily tasks. I've known people to hand out shell accounts on their honeypot to friends, who then act like "normal" users (checking their email, web browsing, etc). You can filter out traffic originating from your friend's IP addresses and focus in on any bad guy's (traffic). Brian Burton <brianburton () telus net> writes:
I've been thinking about this lately and wonder what others think... Basically do you think it would be worth it to simulate actual users logging in and doing tasks on honeypots? I know you'd then have additional activity on the honeypot you'd have to account for but just thought this would be an interesting addition for them making them more realistic. I thought of it since when hackers do get into the box they for sure check if anyone is logged on and I'd assume it always seem odd if no one is ever logged in or anything additional has happened since the previous time they've been on. I'm sure others have thought of this or something similar so was curious on what you think about doing this. Brian
Current thread:
- Virtual Honeypot Users Brian Burton (Jun 14)
- RE: Virtual Honeypot Users Freddie Beaver (Jun 15)
- Re: Virtual Honeypot Users Andrew R. Lamb (Jun 15)
- <Possible follow-ups>
- Re:Virtual Honeypot Users Vlad (Jun 15)