Honeypot


cold_connection
February 12th, 2002, 10:07 PM
I kinda think it fits in IDS & Scanners.
I was wondering if anyone had info on honeypots, as to how to make one as to how not to get caught by one. I know it happened to a group in India who hacked a US site which, in fact, was just a honeypot. They got busted big time after using it as a server for more than a month.

Thanks,

cold_connection


:eek: Edit:
Oops... I just found out the thread below mine was about that so I'll make my question more specific:
How do I realise the computer I'm on is in fact a big set-up? Is there any way to know this beforehand?

iNViCTuS
February 12th, 2002, 10:09 PM
We actually had a thread in another forum going about this, but check out http://project.honeynet.org

souleman
February 12th, 2002, 10:15 PM
http://www.antionline.com/showthread.php?threadid=130645

This thread was started earlier today, and has some good info.

Vorlin
February 13th, 2002, 02:36 PM
How do I realise the computer I'm on is in fact a big set-up? Is there any way to know this beforehand?


My first guess would be being able to log into a machine through whatever method and gaining access, easily readable "secret" files, etc. etc... all the while someone's looking at the syslogs which are sent to another machine (tripwire, syslog, mail logs, etc.). If it seems too easy, that could be a big sign, but since I don't jump on machines to break them, I wouldn't really know. Wargame servers are different as the rules are set and it's open season.

gold eagle
February 13th, 2002, 03:28 PM
I recommend that persons in the field not break into networks they are not supposed to. Then you have no worries.

On to your question - one must ensure that there is not an easily reconstructable host-chain leading back.

A series of compromised hosts, changing location, generous use of dynamic IPs and non-computer hosts are best.