Honeypots mailing list archives
RE: Looking for Honeypots???
From: "Mohd Rosli Saidin" <MROSLIS () jkr gov my>
Date: Thu, 06 Apr 2006 12:14:24 +0800
I just insatll honeyd on a pc, Question: 1. how do i trace the hackers now 2. where is the best place that i have to put the pc that i have install honeyd, it is at dmz zone or after the firewall? 3. Do i need tools to trace the pc that install honeyd dan install the tools at another pc (it is must be linux or windows) or on the same pc that install honeyd. Is so what is the best tools to trace/monitor my honeyd? Please comment, thank you all.
"Roger A. Grimes" <roger () banneretcs com> 4/6/2006 10:09:11 AM >>>
I run 8 honeypots, and have for years. I've not seen this. There maybe some specific targeted firms (i.e. av firms, Microsoft, etc.) and some occasional honeypot identifications made by honeypot-aware hackers, but its far from mainstream. Criminal hackers are stealing millions of dollars every day...their current methods are working just fine. The idea that they actually need an offensive strategy is almost laughable. Computer crime is on an incredible rise this year...and it isn't because they are taking down honeypots. Article fodder for a gullible reporter. For heaven's sake, the first article mentioned that some malware programs are actually disabling antivirus mechanisms as if it was news. -----Original Message----- From: David Jiménez Domínguez [mailto:djdsecurity () gmail com] Sent: Wednesday, April 05, 2006 6:50 PM To: honeypots () securityfocus com Subject: Looking for Honeypots??? Hi list!! Yesterday ZDnet issued a note [1] about cybercriminals looking for antivirus firm's honeypots in order to launch attacks against them, specially those for malware collection. I've read some docs about the same topic [2][3] some days ago... Have yout ever seen something like that within your honeynets? I think one of the reasons of this actions is to stop the botnet hunting and botnet hijacking, not to be aware if they are being watched mainly... What do you thing?? [1] http://news.zdnet.co.uk/internet/security/0,39020375,39261210,00.htm [2] http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/ [3] http://ryan1918.org/viewtopic.php?t=1444 -- ------------------ DJD _ --------------------------------------------------------------------- The contents of this e-mail and its attachment,if any message are intended for the named addressee only and may contain confidential information. If you are not the named addressee,you must not copy this message or disclose it to any other person. If you have received this message in error,you should delete this message immediately and notify the sender by return e-mail. Public Works Department(PWD) disclaim all liability for any error,loss or damage arising from this message being infected by computer virus or other contaminant.The views and other information in this message that do not relate to the official business of PWD shall not be deemed given nor endorsed by PWD.
Current thread:
- Looking for Honeypots??? David Jiménez Domínguez (Apr 05)
- Re: Looking for Honeypots??? Mark Ryan del Moral Talabis (Apr 05)
- Re: Looking for Honeypots??? David Jiménez Domínguez (Apr 06)
- Re: Looking for Honeypots??? Thorsten Holz (Apr 06)
- Re: Looking for Honeypots??? David Jiménez Domínguez (Apr 06)
- <Possible follow-ups>
- RE: Looking for Honeypots??? Roger A. Grimes (Apr 05)
- RE: Looking for Honeypots??? Mohd Rosli Saidin (Apr 06)
- RE: Looking for Honeypots??? Roger A. Grimes (Apr 09)
- Re: Looking for Honeypots??? Mark Ryan del Moral Talabis (Apr 05)