Retaliating HoneyPot

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    239

    Retaliating HoneyPot

    I don't know if you have heard of TambuUDP scrambler, but it is a honeypot program that listens on a UDP port, and on a remote connection, floods the remote computer. Is there another program that anyone knows about that does the same thing (retaliate) but on TCP ports? I know NukeNabber detects connection, but it doesn't fight back. Thanx
    It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.

    Hit it!

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Sounds like a very dubious action to me; remember that if you choose to retaliate against some apparent attacker, they could be completely innocent (ever heard of spoofed packets? surely not.)

    Also a legal minefield - if you crash their computer and they lose all their stuff, will they sue you?

    If they had a worm on their machine (unbeknownst to them) which portscanned you, and you retaliate and cause a nuclear reactor meltdown, whose fault is it?

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    slarty made an excellent point but what if this happened. Generally it would be reversed from this but here goes: Person A wants to hack Person B. So he hacks Person C and uses his box to hack Person B, hoping that if traced (or fought back), it would go to C instead of A. I hope you see my point. Someone could hack a company and use it as a slave box to hack you. If you crash that company and they lose data or anything, you could be in serious trouble. It's usually the other way around, where the person hacks a person's comp to hack a company. But you see the point. It's always best to just report them instead of fighting back.
    Space For Rent.. =]

  4. #4
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    1> Retaliation is illegal. It's just as bad as hacking in the first place.

    2> That's BS to call it a honeypot. A honeypot monitors a connection. It doesn't take any action. It just logs everything and is used to watch users' actions. Not to DoS someone.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Ok, then should I just stick to firewall logs to report this person to his or her ISP?

    Here's the scenario:

    Every 4 days or so for 2 months now, my firewall ( Agnitum for awhile, now ZoneAlarm Pro) picks up a trojan scan from a specific IP. This scan will only scan three ports: 12345, 27374, and 1243 which I know to be typical trojan ports. I am frustrated that no one on has stopped it, so I want to see if this so-called intruder will actually connect. Should I just use a simple port listener like Attacker? Or something else?
    It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.

    Hit it!
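
A passive listener for the three ports named in post #5, limited to what post #4 says a honeypot does: it records each connection and never sends anything back. This is an added example, not code from any poster or from the tools named in the thread; the function names, the record fields and the `probes.jsonl` file name are assumptions made for illustration.

```python
import asyncio
import datetime
import json

# Ports taken from the post above; all are above 1024, so no privileges are needed.
TROJAN_PORTS = (12345, 27374, 1243)

def make_handler(records, max_bytes=256, wait=5.0):
    """Build a connection callback that records a probe and sends nothing back."""
    async def handle(reader, writer):
        peer_ip, peer_port = writer.get_extra_info("peername")[:2]
        local_port = writer.get_extra_info("sockname")[1]
        try:
            # Capture whatever the client sends first, bounded in size and time.
            data = await asyncio.wait_for(reader.read(max_bytes), wait)
        except asyncio.TimeoutError:
            data = b""
        records.append({
            "time_utc": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "src_ip": peer_ip,
            "src_port": peer_port,
            "dst_port": local_port,
            "first_bytes_hex": data.hex(),
        })
        writer.close()  # closed without ever writing: observe only
    return handle

async def start_listeners(records, ports=TROJAN_PORTS, host="0.0.0.0"):
    """Open one passive listener per port and return the asyncio servers."""
    handler = make_handler(records)
    return [await asyncio.start_server(handler, host, p) for p in ports]

async def main(logfile="probes.jsonl"):
    records = []
    servers = await start_listeners(records)  # keep a reference so they stay open
    written = 0
    while True:
        await asyncio.sleep(1)
        # Append new records as JSON lines, ready to attach to an abuse report.
        with open(logfile, "a") as fh:
            for rec in records[written:]:
                fh.write(json.dumps(rec) + "\n")
        written = len(records)

if __name__ == "__main__":
    asyncio.run(main())
```

The host firewall has to allow inbound connections on these ports for anything to be recorded; the timestamps are UTC so they can be matched against the ISP's own logs.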

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Why bother? If you have the sig and even the IP and your firewall can pick up a spoofed IP, or routers and in your case I'd say not. One of the most important jobs as sys admin you have is to sort out automated attacks (most likely here) active probes and real threats. Devote the time to the threats and active intrusions attempts and ignore pesky scans and probes such as you describe. Devote time and resources to a real threat not some lone system on a BB connect that's been had. Last system I admin I'd say I averaged 1000 to 1500 attempts a week, out of that I nailed the real threats.

    maybe 1 a month or 3 and 3 spammers attempting email relays monthly. Yep all account closed and usually I was on the phone to confirm it all

    Another fact is most ISPs, unless there is some real life event like phone calls, answer about 1 in 100 complaints and deal with it

    Want to be fun then try http://www.hackbusters.net/ read and do nothing let that program sort it out
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  7. #7
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    um ProtectionX or Connection X....I can't remember, but it's designed to hang up port scans and trojan clients/servers trying to connect....I dunno 'bout it being illegal but it's not exactly a good way of staying hidden....oh well, I only used it once.....

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can remember the gentle features of the queen's face on the fair day when this land rested in holy peace and everyone had love to love with.

  8. #8
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    RFC 864, character generator protocol.
    TCP Based Character Generator Service

    One character generator service is defined as a connection based
    application on TCP. A server listens for TCP connections on TCP port
    19. Once a connection is established a stream of data is sent out
    the connection (and any data received is thrown away). This
    continues until the calling user terminates the connection.
    there is a standard for a probable nicely legal remote scanner deterrent. by setting up this service on random port numbers distributed right up the range it may foil some scans. this would be of less use if you are just being scanned on specific well known trojan ports, unless you run this service on those ports, but then you would not be conforming to the standard, so would this not be legal?
    you should probably avoid ports being used by programs that you run.
    Hmm...there's something a little peculiar here. Oh I see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can't talk! No, but they REFER to things, and this one refers directly-unambiguously-unmistakably-to the very sentence which it is!

  9. #9
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Setting up retaliatory software is just asking to get your ass into trouble. It isn't exactly legal to retaliate, and depending on the software it can most likely be tricked into attacking computers that had nothing to do with it.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'd say there is a bigger issue here...... Illegality is important but I leave that to the lawyers to sort.....

    Let's say I'm a "nasty" and I have decided, for whatever reason, that it is your box I want. So away I go footprinting and the rest when all of a sudden I get flooded.... Hmmmm..... Valuable piece of information I just learned - this isn't a box set up by some naive youngster - it is watched, the admin appreciates the need for security and is sufficiently knowledgeable to set up such devices that attack back....... No problem - now I start being really careful in my attempts to make entry armed with the knowledge that I am being watched and logged so I need to spend time looking for those systems and disabling/DOSing/erasing their content.

    Thank you for all that info - I will get in but I will be much more careful and you may never know.......

    Had you left the activity alone and let it develop you may have had the opportunity to see what was going on before I did harm - 'cos I probably would have left a trace somewhere before you alerted me to your level of skill and diligence.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
