Honeypots mailing list archives
Re: Heisenberg in the honeypot
From: Valdis.Kletnieks () vt edu
Date: Tue, 22 Jun 2004 14:43:59 -0400
On Tue, 22 Jun 2004 16:50:32 +1200, James Riden said:
I've seen a spectacularly inept cracker forget to remove the install files for one of his/her root kits - stored in /rk no less - so it's entirely possible a given attacker won't know it's a honeypot.
I've seen worse: http://www.securityfocus.com/archive/75/311955/2003-02-11/2003-02-17/0 (The whole scenario was even more totally bozotic, but I'm saving it as a good bar story.. wasn't a honeypot though, I was doing the forensics on the box afterwards...) I'm sure that every honeypot has aquired its share of similar anklebiters (you know, the kind that type 'dir' on a Unixoid, or 'ls' on a Windows box.. ;)
Attachment:
_bin
Description:
Current thread:
- RE: Heisenberg in the honeypot, (continued)
- RE: Heisenberg in the honeypot Chuck Fullerton (Jun 21)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot James Riden (Jun 22)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- RE: Heisenberg in the honeypot Chuck Fullerton (Jun 22)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)
- Re: Heisenberg in the honeypot PCSage Information Services (Jun 22)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)