Thread: Honeypot

  1. #1

    Honeypot

    I kinda think it fits in IDS & Scanners.
    I was wondering if anyone had info on honeypots, as to how to make one as to how not to get caught by one. I know it happened to a group in India who hacked a US site which, in fact, was just a honeypot. They got busted big time after using it as a server for more than a month.

    Thanks,

    cold_connection


    Edit:
    Oops... I just found out the thread below mine was about that so I'll make my question more specific:
    How do I realise the computer I'm on is in fact a big setup? Is there any way to know this beforehand?
    -Friends come and go. Enemies accumulate-

  2. #2
    Senior Member | Join Date: Jan 2002 | Posts: 458
    We actually had a thread in another forum going about this, but check out http://project.honeynet.org

  3. #3
    souleman | AntiOnline Senior Member | Join Date: Oct 2001 | Location: Flint, MI | Posts: 2,883
    http://www.antionline.com/showthread...hreadid=130645

    This thread was started earlier today, and has some good info.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  4. #4
    PHP/PostgreSQL guy | Join Date: Dec 2001 | Posts: 1,164
    How do I realise the computer I'm on is in fact a big setup? Is there any way to know this beforehand?
    My first guess would be being able to log into a machine through whatever method and gaining access, easily readable "secret" files, etc etc...all the while someone's looking at the syslogs which are sent to another machine (tripwire, syslog, mail logs, etc). If it seems too easy, that could be a big sign but since I don't jump on machines to break them, I wouldn't really know. Wargame servers are different as the rules are set and it's open season.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  5. #5
    Senior Member | Join Date: Dec 2001 | Posts: 1,193
    I recommend that persons in the field not break into networks they are not supposed to. Then you have no worries.

    Onto your question - one must ensure that there is not an easily reconstructable host-chain leading back.

    A series of compromised hosts, changing location, generous use of dynamic ips and non computer hosts are best.
    Trappedagainbyperfectlogic.
