Honeypots mailing list archives
Re: DNS honeypots?
From: Brent Huston <lbhlists () gmail com>
Date: Wed, 3 Mar 2010 10:20:00 -0400
One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis. You can find a little bit about it from one of our customers here, they wrote it up with us: http://hurl.ws/cbhp Let me know if that helps! On Mar 2, 2010, at 4:00 PM, Jason Lewis wrote:
Anyone have any pointers to dns honeypots or maybe just BIND configurations that would allow logging of malicious queries without actually executing them?
Current thread:
- DNS honeypots? Jason Lewis (Mar 02)
- Re: DNS honeypots? Tillmann Werner (Mar 02)
- Re: DNS honeypots? Jason Ross (Mar 02)
- Re: DNS honeypots? Jason Lewis (Mar 02)
- Re: DNS honeypots? chr1x (Mar 02)
- Re: DNS honeypots? Jason Lewis (Mar 02)
- Re: DNS honeypots? Valdis . Kletnieks (Mar 02)
- Re: DNS honeypots? Jason Ross (Mar 02)
- Re: DNS honeypots? Jason Lewis (Mar 02)
- Re: DNS honeypots? Brent Huston (Mar 03)
- Re: DNS honeypots? Jason Lewis (Mar 03)
- Re: DNS honeypots? Brent Huston (Mar 03)
- Re: DNS honeypots? Jason Ross (Mar 03)
- Re: DNS honeypots? Jason Lewis (Mar 03)
- Re: DNS honeypots? Alexandre Dulaunoy (Mar 03)