March 15th, 2004, 01:38 AM
Probably because few people use honeypots or have one.
March 15th, 2004, 03:08 AM
good point. but wouldnt they have spotted it in the forum menu thing??
March 15th, 2004, 10:46 AM
Even if someone does notice this forum, doesn't mean that they will use it.
March 16th, 2004, 12:10 AM
but would they get interested and try to find stuff out about honeypots?
March 16th, 2004, 12:24 AM
Sure. Just because a forum doesn't have 10,000 posts doesn't mean people aren't reading it. The reality is that honeypot usage is still a relatively new thing and I suspect that many either don't have the time or patience to setup up a good honeypot and ensure a limited risk factor. That's life.
There are lots of resources out there for honeypots but I still say the best is http://project.honeynet.org. (whoops! Fixed! )
March 16th, 2004, 12:34 AM
March 16th, 2004, 10:46 AM
I experimented with a honeypot called KFSensor from keyfocus http://www.keyfocus.net/kfsensor/
Though I am not very familiar with honeypots nor have I played with KFSensor enough to give a report, I will say it was fun watching the connections come in and the commands that were typed. KFSensor is comercial, a trial is available.
March 17th, 2004, 12:06 PM
I just found a honeypot (directed from another website): http://www.security-corporation.com/trapserver.html
Looks interesting and it's FREE! (gotta love that 4 letter word). So those of you in Windows might want to try it.
March 20th, 2004, 01:26 AM
I use kfsensor. I agree on the watching connections bit. Mostly it runs as a spam trap and that isnt wildly interesting.
Originally posted here by journy101
Though I am not very familiar with honeypots nor have I played with KFSensor enough to give a report, I will say it was fun watching the connections come in and the commands that were typed. KFSensor is comercial, a trial is available. [/B]
I caught someone trying to send fake aol billing messages from a russian ISP once, and another person trying to exploit yahoo pager. I keep hoping I might catch something from these new trojans but without a proper simulator behind the ports there isnt much hope I think.