Honeypots mailing list archives
Honey VS Vinegar
From: "Polazzo Justin" <Justin.Polazzo () facilities gatech edu>
Date: Wed, 27 Oct 2004 16:30:10 -0400
I was wondering about the complications inherent in "advertising" a honeypot. If you give the IP a DNS entry, the (google/altavista/lycos)bots try and index your IIS/Apache honeypot and you get a false alarm, even though the nicer ones may turn around after a robots.txt is found the traffic is recorded. Does this compromise the integrity of your honeypot? Then again, what about teaming up with fellow honeynets and googlebombing a misconfigured IIS 6.0/Apache banner to the previously mentioned DNS entry. (http://johnny.ihackstuff.com/index.php?module=prodreviews shows a few examples of what people are searching for) Is this entrapment? Will you only observe known exploits through this type of lure? I know how I feel (1: Ignore the searchbots, 2: Entrapment? they shouldn't be trying to compromise servers via Google so go ahead and 3: Even known exploits can make room for nice code storage), but was wondering what conclusions others have reached, and more importantly: To those who automatically publish their logs: How do you automagically clean all of this up? -JP
Current thread:
- Honey VS Vinegar Polazzo Justin (Oct 27)
- Re: Honey VS Vinegar Valdis . Kletnieks (Oct 27)
- <Possible follow-ups>
- Re: Honey VS Vinegar the rxmr (Oct 27)
- Re: Honey VS Vinegar Jeff Bryner (Nov 01)
- AW: Honey VS Vinegar Stephan Riebach (Nov 02)
- Re: AW: Honey VS Vinegar Adam Graham (Nov 02)
- RE: Honey VS Vinegar lubomir nistor (Nov 02)
- Re: Honey VS Vinegar Jeff Bryner (Nov 01)