HoneyPot? Prolly not...
Results 1 to 7 of 7

Thread: HoneyPot? Prolly not...

  1. #1
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    HoneyPot? Prolly not...

    Hey guys/gals,

    > i'm writing a simple application that logs all socket requests on certain ports... i've included the log file it currently creates from port 80 traffic... What other info about the attacker/client would be useful? thank you in advance...
    yeah, I\'m gonna need that by friday...

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: HoneyPot? Prolly not...

    Originally posted here by tampabay420
    Hey guys/gals,

    > i'm writing a simple application that logs all socket requests on certain ports... i've included the log file it currently creates from port 80 traffic... What other info about the attacker/client would be useful? thank you in advance...
    How about the (extra) http headers and POST/GET data?

  3. #3
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    i just took all of that out... as all of that data can be forged quite easily...
    i'm really only interested what/where the would-be attacker is doing?
    thanks...
    yeah, I\'m gonna need that by friday...

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by tampabay420
    i just took all of that out... as all of that data can be forged quite easily...
    i'm really only interested what/where the would-be attacker is doing?
    thanks...
    That's why the headers and the data is important. Most exploits are hidden in this data.

    As an example here's a Code Red I captured using nothing more than nc -l -p 80 > codered.txt .



  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Here is the new Log example
    yeah, I\'m gonna need that by friday...

  6. #6
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    here is a screenshot
    i just started this project this morning, so it's Alpha (to say the least )
    yeah, I\'m gonna need that by friday...

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by tampabay420
    here is a screenshot
    i just started this project this morning, so it's Alpha (to say the least )
    Looks promising. Keep up the good work

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •