Symantec Honeypot??!?!? (Symantec Decoy Server)

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    217

    Symantec Honeypot??!?!? (Symantec Decoy Server)

    I could be reading this wrong, but I think Symantec is coming out (or has come out with) a honeypot prog for your network.

    Check it out.

    Symantec Decoy Server
    http://enterprisesecurity.symantec.c...?ProductID=157
    I'm starting to think that I'm bound to always be the first guy on the second page of the thread.

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    115
    I noticed that many vendors of various appliances/software are doing their own version of a pseudo-IDS type of system. Even web filtering vendors like Websense added to the v.5 line of their product to "trap" unqualified web activity, etc... Didn't Symantec recently buy a security firm also dealing with IDSs?

    -w0rm3y

  3. #3
    Junior Member
    Join Date
    Jun 2003
    Posts
    26
    Seems to be something like that... didn't find any honeypot yet (I think :Q)
    But who will buy this? Only big firms that have well-configured systems and servers, just to be sure everything is OK...

  4. #4
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Originally posted here by CraZy_AhmaD
    Seems to be something like that... didn't find any honeypot yet (I think :Q)
    But who will buy this? Only big firms that have well-configured systems and servers, just to be sure everything is OK...
    Unless SickyourIT and I are both reading this wrong, I would say that this is the definition of a honeypot. It lures in attacks and allows you to monitor the attacker's activity while they are in a confined environment. I don't know if I'd buy it, but I would say that "Decoy Server" is just Symantec's way of marketing a honeypot. Nice link, SickyourIT...

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    117
    I've heard about it, but I think Symantec may have bought it, or the company who developed it, and called it its own. It's called ManTrap, runs on Solaris systems and is incredibly pricey. Lance Spitzner talks about it in his "Honeypots: Tracking Hackers" book, an entire chapter actually, but makes no reference to it being owned by Symantec.

    If it's the same one I'm thinking of, it runs on Solaris and creates "cages" which are basically images of fully functional OSes, allowing the attacker to interact with them like a normal OS. Only difference is that "he's" being watched. I also hear, through the grapevine, that it's insanely expensive, upwards of $24,000 (US), for the version that allows the maximum of four cages. Fewer cages cost less, but still in the thousands of (US) dollars.

    It's some cool stuff though. A group using it was able to discover a previously unknown dtspcd vulnerability in Solaris systems using ManTrap.

  6. #6
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    Here is an idea. Why buy a program to use as a honeypot? Why not just make a "real" one?
    What happened to that idea? Now we gotta have a damn program for everything. I do realize that a lot of these programs are really good. But they all have one flaw. They are all the same. When an exploit is found to actually gain arbitrary information about a Symantec honeypot, or how to fingerprint it, how to hack it, however you wanna exploit it, you're screwed. Just like the other five hundred thousand people that bought it. Till they patch it, of course. Let's be realistic for a second. People who are looking for mischief are only as honest as their options. If I can't deface that page the first two or three tries, I try something else. Your big iron takes the sorry trojan scan, the IDS kicks in and you know who they are there before they figure out what they are trying to root.

    2 cents
    Your heart was talking, not your mind.
    -Tiger Shark

  7. #7
    Junior Member
    Join Date
    Aug 2003
    Posts
    2
    Symantec just renamed ManTrap to Decoy Server. They bought ManTrap and ManHunt from Recourse Technologies last year. (The Symantec website makes a reference to the name change.) I heard about it on some web conference (SANS?). Will have to try it.


    Symantec Decoy Server*
    *(Formerly Symantec ManTrap)
