honey pots ????
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: honey pots ????

  1. #1
    Senior Member
    Join Date
    Feb 2004
    Posts
    197

    Question honey pots ????

    WHAT ARE HONEYPOT.ARE they some type of fake wall to catch hackers?

    AND where can i get one

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    honeypots are computer that like a trap, exactly like using honey to trap a bear....

    they are there un-protected and un-patched to allow intruders to enter a system, this can be for a number of reasons....I.e seeing if your network is being scanned or for reasearch purposes

    the honey net project is a good example, there other examples if just a matter of putting a number of tools on a box and monitoring the logs using snort and acid together can be the basis of a honey pot

    i2c

  3. #3
    Banned
    Join Date
    Apr 2004
    Posts
    843
    You make one dude.

    Fake wall? I have windows... Maybe we could place a big RedHat on top as a roof then we could all build a house and live the lives of the peaple on the TV show known as the Real World.

    Basicly its a computer thats highly watched over with various sniffers and file/sys auditing. Its not always about intruders... but its often mainly about the tools at hand such as new worms, auto-rooters, & (ect).

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    197
    so you mean if i put a honey pot up on my computer it will tell me the ip of my atackers then i could do some payback

    i think that im being atacked(flooded )by some one how can i get there ip

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    put a firewall on your computer this will then tell you when your computer is being attacked,

    good ones free ones include zonealarms and sygate

    I know sygate tells you the sort of attack and also allows you to see the ip of the attacker and perform a whois scan.

    no offense but from your questions I dont think attacking back is a wise idea, cos he'll grab your ip, report you or other nasty things just do a whois, find the abuse@his-isp.com and send his ip and what hes doing to you to them and theyll probably boot him off there isp or send him bitchy emails...

    i2c

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Disturb: I'm sorry.... (ok, I lie too), but you are becoming something of a moron.

    You are talking about a honeypot, something you clearly don't understand, yet you think it will help you find the person "flooding" you so you can attack him back!!!! Oh dear... Putting up a honeypot is a lot harder than a whole bunch of other ways of seeing the attempted connections to your machine..... Knock yourself out.... Install Ethereal and capture everything..... Ethereal is _sooooo_ advanced that it can show you the IP address of all packets it sees..... It's what us uber 1337 h@x0r$ use 'cos we can see what he is trying to do too....

    Install Ethereal, learn how to use it and when you have mastered reading the packets and being able to make an educated guess about what is going on then come back and ask questions..... Until then you are reading things that you don't "get", you are picking up on "cool" sounding ****, but you are not doing anything to help yourself..... That's not what this place is really about..... There is no "silver bullet" to understanding this stuff..... It takes time, the desire to learn, some ability and a more mature attitude than you have displayed so far.....

    I'm not going to neg you 'cos it's saturday..... so I'm automatically in a better mood than usual...... But I probably should....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    http://www.sosresearch.org/publicati...2honeypots.PDF

    Stop thinking about attacking back. If you have a firewall, you should have their IP in your logs. From there you can block and report them. Use the ARIN database, google it, put in their IP, and you will get an abuse email to complain to.

    According to my link:
    There is no legal precedent yet established in regard to
    honeypots. The issue of entrapment is relevant if an
    attacker is intentionally lured to a honeypot, there must be
    no tacit permission to access the system banners should
    be carefully stated and identical on both the production
    and honeypot systems.
    That doc is 2 years old, I'm not sure how the rules have changed.

    then i could do some payback
    Who do you think you are, the Punisher? Don't play ping pong when you can take away their paddle. Just contact their network abuse email.

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    so you mean if i put a honey pot up on my computer it will tell me the ip of my atackers then i could do some payback
    Judging by your question, it's more likely that someone will end up using it as an open relay and spamming the hell out of a bunch of other people. Those people in turn will follow the IP back to you, and you are the one that will be getting the payback...

    Honeypots are not something to be messed with if you don't know what you are doing. There are a ton of threads here on the subject, along with many links.

    Honeypots are not for getting someones IP (although it is a side effect)..and I doubt you would know what to do with it when you did get it. As TheSpecialist stated, it's more for study of what is new, and studying how attacks work, and how systems are compromised... In some cases, honeypots are set up as a 'protection' (loose term) to keep malfeasants busy with something that looks like an unpatched system, and keeping them out of the henhouse.

    Until you have even a basic understanding of packets, and the different protocols, etc, all you are going to do is get yourself in trouble...worse yet, you will get frustrated because you don't know what you are looking at .... you gotta walk before you can fly...But if you are into studying how exploits work, by all means, spend some time reading.... especially if you are interested in incident response... it's much nicer to see what is happening on a 'throw-away" system.

    Why do you think you are being flooded? What do you see happening that would lead you to believe this?

  9. #9
    Senior Member
    Join Date
    Feb 2004
    Posts
    197
    ok thanks

    i looked on my log and founfd the ip

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Well done.....

    But I have to ask..... Why didn't you get off your butt and do that in the first place?..... It wasn't all that difficult was it?

    You are making white noise.... You know the answer but you just like to hear yourself type???? The basis of computing is to _think_.... If your thought's come up with nothing - research - if research comes up with nothing - ask questions..... You do it the other way round, don't you? It all relies upon you knowing how computers work.... If you don't know, and can't be bothered to find out, then you will _never_ be able to "work it out"....

    The "secret" in this world is knowledge, (it's actually the secret in any world). Knowledge doesn't simply come from asking others questions..... It comes from the desire to learn at a level where you do it yourself until you "hit the wall"..... When you do that your questions will be sensible and will elicit useful and sensible responses. Until you demonstrate that you are trying yourself then you won't be able to get useful replies.... Because you won't understand them when they occur.....

    Good Luck
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •