Honeypots mailing list archives

Re: DNS honeypots?


From: Jason Lewis <jlewis () packetnexus com>
Date: Wed, 3 Mar 2010 09:38:22 -0500

Slightly related, I was wondering what might happen if I made every
query to the honeypot resolve back to the honeypot?

On Wed, Mar 3, 2010 at 9:20 AM, Brent Huston <lbhlists () gmail com> wrote:
One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis.

You can find a little bit about it from one of our customers here; they wrote it up with us: http://hurl.ws/cbhp

Let me know if that helps!

On Mar 2, 2010, at 4:00 PM, Jason Lewis wrote:

Anyone have any pointers to DNS honeypots or maybe just BIND
configurations that would allow logging of malicious queries without
actually executing them?
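
The idea raised in this thread (log every query and answer it locally with the honeypot's own address, never recursing) as an added example; it is not code from any poster or from HoneyPoint. `SINK_IP`, the listening port and all function names are assumptions.

```python
import socket
import struct

SINK_IP = "192.0.2.53"  # assumption: the honeypot's own address (TEST-NET-1 placeholder)

def parse_question(query: bytes):
    """Return (qname, qtype, end_offset) for the first question in a DNS query."""
    labels, pos = [], 12  # the fixed DNS header is 12 bytes
    while True:
        if pos >= len(query):
            raise ValueError("truncated query")
        length = query[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointers do not belong in a query name
            raise ValueError("bad label")
        labels.append(query[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(query):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", query[pos:pos + 4])
    return ".".join(labels) or ".", qtype, pos + 4

def build_response(query: bytes, sink_ip: str = SINK_IP) -> bytes:
    """Answer locally: A queries get sink_ip, anything else an empty NOERROR."""
    _name, qtype, end = parse_question(query)
    answer = b""
    if qtype == 1:  # A record: name pointer to offset 12, class IN, TTL 60, 4-byte RDATA
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(sink_ip)
    # QR=1, AA=1, RD copied from the query, RA=0 (recursion is never offered)
    flags = 0x8400 | (struct.unpack("!H", query[2:4])[0] & 0x0100)
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def serve(bind_addr: str = "127.0.0.1", port: int = 5353) -> None:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            name, qtype, _ = parse_question(data)
            # repr() keeps control characters in hostile names out of the log
            print(f"{peer[0]} qtype={qtype} name={name!r}")
            sock.sendto(build_response(data), peer)
        except ValueError as exc:
            print(f"{peer[0]} malformed query: {exc}")

if __name__ == "__main__":
    serve()
```

Nothing is forwarded upstream, so a query is recorded but never resolved on the sender's behalf.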



