Probably because few people use honeypots or have one. ;)
Printable View
Probably because few people use honeypots or have one. ;)
good point. but wouldnt they have spotted it in the forum menu thing??
Even if someone does notice this forum, doesn't mean that they will use it.
but would they get interested and try to find stuff out about honeypots?
Sure. Just because a forum doesn't have 10,000 posts doesn't mean people aren't reading it. The reality is that honeypot usage is still a relatively new thing and I suspect that many either don't have the time or patience to setup up a good honeypot and ensure a limited risk factor. That's life.
There are lots of resources out there for honeypots but I still say the best is http://project.honeynet.org. (whoops! Fixed! :))
That is an invalid link
I experimented with a honeypot called KFSensor from keyfocus http://www.keyfocus.net/kfsensor/
Though I am not very familiar with honeypots nor have I played with KFSensor enough to give a report, I will say it was fun watching the connections come in and the commands that were typed. KFSensor is comercial, a trial is available.
I just found a honeypot (directed from another website): http://www.security-corporation.com/trapserver.html
Looks interesting and it's FREE! :D (gotta love that 4 letter word). So those of you in Windows might want to try it.
I use kfsensor. I agree on the watching connections bit. Mostly it runs as a spam trap and that isnt wildly interesting.Quote:
Originally posted here by journy101
Though I am not very familiar with honeypots nor have I played with KFSensor enough to give a report, I will say it was fun watching the connections come in and the commands that were typed. KFSensor is comercial, a trial is available. [/B]
I caught someone trying to send fake aol billing messages from a russian ISP once, and another person trying to exploit yahoo pager. I keep hoping I might catch something from these new trojans but without a proper simulator behind the ports there isnt much hope I think.