Hack logs

[Soda_Popinsky]

This might have been asked before, but a quick search only brought up an unrelated thread by ennis.

Im reading a older security book that says AO has a live log of all hack attempts? Where is it? If it is gone, I propose that it be brought back. It's a pretty badass idea!

[Tiger Shark]

It might be nice as a "feature" here.....

People upload _sanitized_ logs, (as long as the sanitization allows people to clearly see which machines are which without giving away the whole ball of wax), for people to see and maybe comment on.....

That would be nice.....

Maybe a Mod could move/copy this to "site suggestions".....

[Soda_Popinsky]

What would be cool is show the type of attack, then have some sort of link to what it is, what is used to prevent it. Would be pretty informative, really quick, and would show the youngens like me what kind of attacks corporate sites have to deal with.

Edit

A logs forum maybe?

[foxyloxley]

If I'm reading this correctly?
we could sit at home and watch live, AO site getting hit ?
and there would be some kind of 'key'? so that it made some kind of sense to the likes of me ?
OR put a honeypot online ??? with the pre mentioned live feed ???

edit - add all of Soda's extras to the pot, and you could have a real interesting show ??

[Soda_Popinsky]

A honeypot we could all watch would be incredible....

foxyloxley- if you are confused about my post, theres a pic in "Steal this computer book 2" that is an old AO page with a table of attacks against AO, date, time and type.

[mnstrgrl]

The way hack attempts are handled has changed since JupM acquired the site. It now sits inside our network, and hack attempts will be caught and dealt with before they even get to the AO server. This being the case, it doesn't seem like there's a reasonable way we could post information about those attempts.

- h

[Soda_Popinsky]

Well the honeypot idea still isn't out of the question, maybe that could be considered. Outside of the network, and have it's logs and findings posted in a thread automatically and the community can do the diagnosing...

Whaddya think?

[HTRegz]

Hey Hey,

The honeypot idea is very cool, however not realistic. It's been widely talked about on here, any hacker/cracker/whatever you want to call them who would provide interesting data (instead of repeated canned tools) would do proper enumeration and recon first, which would entail visiting the related sites. They would undoubtedly see the logging of data from the honeypot and realize what was up, thus scarying them off before they even did anything. Most of us have our own IDS's and honeypots, or we see the results from others online, and those are going to have much more interesting stuff that that one would ever have. As for the canned attacks that you'd still see... everyone sees them so they aren't that big of a deal. It'd be cool for research purposes to see the frequency and where they are coming from but that's it.

You also have to look at this from JupM's viewpoint. They don't want to put what appears to be an unsecure machine on their network. Even if it is only a honeypot, if people know about it again it's useless, and if people find out about it and it goes public, then a company who's trying to promote security with a few of their sites is going to look like a joke and claiming it's a honeypot will only look like a bad attempt at a cover-up. They will also subject themselves to more attacks/attack attempts than they are already experiencing. This translates into more bandwidth, which means more money. It may not make that big of a difference, unless people start attempting DOS attacks, but still it's an unneeeded expense.


Peace,
HT

[Soda_Popinsky]

Ok, so lets pull it away from JupM...

What if we had a forum (aside from the one currently) Where experienced "honeypotters " could run a honeypot and post the results, and leave for comments. I think that would be HUGE for people like me who can figure out how to setup a honeypot but don't have a clue as to how to monitor it or check its results.