-
February 12th, 2002, 10:07 PM
#1
Member
Honeypot
I kinda think it fits in IDS & Scanners.
I was wondering if anyone had info on honeypots, as to how to make one as to how not to get caught by one. I know it happened to a group in India who hacked a US site which, in fact, was just a honeypot. They got busted big time after using it as a server for more than a month.
Thanks,
cold_connection
Edit:
Oops... I just found out the thread below mine was about that so I'll make my question more specific:
How do I realise the computer I'm on is in fact a big setup? Is there any way to know this beforehand?
-Friends come and go. Enemies accumulate-
-
February 12th, 2002, 10:09 PM
#2
We actually had a thread in another forum going about this, but check out http://project.honeynet.org
-
February 12th, 2002, 10:15 PM
#3
http://www.antionline.com/showthread...hreadid=130645
This thread was started earlier today, and has some good info.
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
February 13th, 2002, 02:36 PM
#4
How do I realise the computer I'm on is in fact a big setup? Is there any way to know this beforehand?
My first guess would be being able to log into a machine through whatever method and gaining access, easily readable "secret" files, etc etc...all the while someone's looking at the syslogs which are sent to another machine (tripwire, syslog, mail logs, etc). If it seems too easy, that could be a big sign but since I don't jump on machines to break them, I wouldn't really know. Wargame servers are different as the rules are set and it's open season.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
February 13th, 2002, 03:28 PM
#5
I recommend that persons in the field not break into networks they are not supposed to. Then you have no worries.
On to your question - one must ensure that there is not an easily reconstructable host-chain leading back.
A series of compromised hosts, changing location, generous use of dynamic IPs and non-computer hosts are best.
Trappedagainbyperfectlogic.