Honeypots mailing list archives

Re: Google Hack Honeypot v1.0 is released!

From: Andrew Smith <stfunub () gmail com>
Date: Tue, 15 Feb 2005 18:33:34 +0000

Brilliant! I was considering writing something like this myself but
never got round to it. Look forward to playing with this.


On Tue, 15 Feb 2005 13:03:40 +0000, Christian Kreibich
<christian () whoop org> wrote:

Hi,

On Mon, 2005-02-14 at 17:24 -0600, Ryan McGeehan wrote:

Google Hack Honeypot v1.0 is released!


sorry but I'm having trouble identifying what exactly you're doing, and
I was hoping you'd like to clarify.

Are you putting up handcrafted webpages that match the criteria
identified in a GHDB signature, and render them using PHP for logging
purposes? I'm a bit confused because in that case I'm thinking "how is
this different from slapping together a simple static page conforming to
the conditions outlined in the GHDB signature, and grepping my apache
logs?".

Who do you want to capture, and to what depth do you emulate the
vulnerable app? I mean, what I'd do if I wanted to exploit a
vulnerability for which I can find exploitable sites via a search engine
is script up some Perl to harvest the hits and then go off and nail them
one by one.

If you want to find out whether someone found you using a search engine,
then any hidden-ish page that resides in an untypical location and
matches the signature critera will do and it doesn't really matter
whether the webpage actually looks like the vulnerable app.

What do those pages look like in GHH? It would be helpful if you could
give examples on your site.

How about you automatically create the pages from the GHDB signatures?
That would be much more interesting imho.

I'm not meaning to be negative -- I just don't quite get it yet :)

ps: no doubt Niels will get a good chuckle out of that "Powered by
Google" logo :)

Thanks,
Christian.
--
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org



-- 
zxy_rbt2

Current thread:

Google Hack Honeypot v1.0 is released! Ryan McGeehan (Feb 14)
- Re: Google Hack Honeypot v1.0 is released! Christian Kreibich (Feb 15)
  - Re: Google Hack Honeypot v1.0 is released! Andrew Smith (Feb 15)
- <Possible follow-ups>
- Re: Google Hack Honeypot v1.0 is released! Ryan McGeehan (Feb 15)
  - Re: Google Hack Honeypot v1.0 is released! Christian Kreibich (Feb 15)