Re: Oracle DB honeypot?

["Blarnum, Seamus" <crpyt0k1d () yahoo com>]

IMHO... you will need a good cover story for your DB.
Functionality and purpose is a good one. Content and
traffic generation to the DB is another...

If it's just sitting there with old data, hackers
won't stay around. if the public view of the DB is
juicy, then someone will come and take a peek at it. 


--- Stuart Thomas <stuartpaulthomas () gmail com> wrote:

> This was one of the problems I found with my 9i
> OracleDB honeyDBnet 
> project in 2003, utilising a distinct (i.e. separate
> from the corp owned 
> public ip's, but interesting enough to attract the
> big fly's) but 
> interesting IP segment, as well as a populated site
> interesting and 
> tempting enough to be attacked. Not an uncommon
> problem I suspect! :-)
>
>
>
>
>
>
>
>
> Ronald van der Westen wrote:
> > I dont think you want to watch whole day to a
> network sniffer :)
> > -----Oorspronkelijk bericht-----
> > Van: hypermodest () gmail com
> [mailto:hypermodest () gmail com] 
> > Verzonden: zaterdag 10 juni 2006 4:13
> > Aan: honeypots () securityfocus com
> > Onderwerp: Oracle DB honeypot?
> >
> > Hello.
> > Does anybody have idea how to organize Oracle DB
> honeypot, to attract
> > crackers to Listener service, iSQL*Plus service,
> etc?
> > It's easy to install Oracle DB, start network
> sniffer and wait, but how to
> > attract anyone?
> >
> >
> >   
>
>
> -- 
> Stu Thomas
> Freelance security consultant (UK)
> CISMP(ISEB), GSEC
> Web: http://www.ethicalhacking.us


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com