Re:Virtual Honeypot Users

["Vlad" <recompiler () hacksrus com>]

Activity would vary greatly depending on the supposed role of the server.
My mail servers don't get ssh logins from random users, but the
development servers have 8 to 12 developers hanging out there 24/7/365.
Web traffic is easy to simulate. I have some background traffic stuff and
other tools but I need to clear it with my employer before I can release
it. Look for it within 2 weeks.

Easiest thing I could think of would be to have a hardened FreeBSD host
booting of read only media, and automatically logging in at semi random
times, running things, reading email, sending fake email etc. The machine
would have to be very hardened to minimize chance of compromise, and
discovery of busseybody scripts. I may end up writing the busseybody
scripts myself.


File with login times, random number generator which will generate a time
interval so log in +- 30 min from the login time
send email following typical patterns (early morning, lunch, just before
end of work day, random spam etc.

Lets hear some more ideas?


--
Vlad G.


The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, retransmission, dissemination or other use of, or taking of
any action in reliance upon, this information by persons or entities other
than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from any computer.