-
February 24th, 2002, 05:02 PM
#1
Honeypots & TCPServer
While doing a qmail install recently, I was reminded of Dan Bernstein's TCPServer, which is part of the ucspi-tcp package. What TCPServer does, is listen on a given port and when a connection is made, it executes a program of your choice, sending stdout out via the TCP Port. This is useful in that you can listen on say, TCP/1095 and just have a shellscript that reads:
Code:
#!/bin/sh
echo GO AWAY YOU DIRTY H4X0R!
You can also control things like how many connections are allowed at once (so that each spawned app can't be misused and DoS your server through resource usage), etc., etc..
It's a pretty customizable thing, and I was hoping to get some input on how it might fly in a honeypot setup. If you were a hacker, and you saw TCP/21 was open thanks to your fav. port scanner, would you not be frustrated if you telnet in and get GO AWAY YOU DIRTY H4X0R!! and then the connection is closed?
Because you restrict connections based on IP, it might also be possible to have a remote shell sitting and listening on your internal network, that kinda thing.
What do you honeypot types think?
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|