Honeypots mailing list archives
RE: Some questions about my first honeypot
From: Andy Streule <andy.streule () lythamhigh lancs sch uk>
Date: Tue, 20 Apr 2004 10:04:09 +0100
3. As its only been 1 day since ive had it live, activity has been pretty minimal however should an intruder break in and start using the box as a base to scan from I could be in big trouble with my ISP, is there anyway I can limit connections outbound from the honeypot so thats its not obvious to the intruder something is wrong, but protects me from unknowingly participating in some DoS attack?
some isps scan internally for open proxies/relays. U should look out for these scans and then prevent them from reaching the honeypot. adding yourself to open proxy lists is a good way to attract attention. being on a dynamic ip is helpful if you start being overwhelmed by incomming connections. My honeypot kfsensor, has the ability to 'lock up' and ignore connections for a time if it detects too many incoming connections at once. regards Andy *************************************************************************** This e-mail is confidential and privileged. If you are not the intended recipient do not disclose, copy or distribute information in this e-mail or take any action in reliance on its content. *************************************************************************** *************************************************************************** This email has been checked for known viruses. ***************************************************************************
Current thread:
- Some questions about my first honeypot x0x (Apr 08)
- Re: Some questions about my first honeypot Thorsten Holz (Apr 09)
- Re: Some questions about my first honeypot Valdis . Kletnieks (Apr 12)
- <Possible follow-ups>
- Re: Some questions about my first honeypot Graeme Connell (Apr 09)
- RE: Some questions about my first honeypot Andy Streule (Apr 20)
- Re: Some questions about my first honeypot Thorsten Holz (Apr 09)