April 17th, 2004 10:31 PM
Bravo TigerShark..not just good advice for learning computers, but good solid, sensible life advice..
April 17th, 2004 10:55 PM
w00t w00t! m4ss1ve r3p3ct!!!
Tiger Shark: uber 1337 h@x0r$
This week for me seems to be the week of the uber hacker, I had my best mate ask me to hack a hotmail account, I was shocked and disgusted I like computer security but i'd never go near a hotmail account, I mean what is the world coming to! Im only young but so much has changed since 1994 when there werent so many trolls. maybe i wasnt looking in the rite place.....
can we get a forum for trolls? theres one for newbies, but theres loads of newbies with good technical knowledge that ask good sensible questions and do there research first, then theres the minority (slowly becoming the majority?) that take it upon them selves to ask cr*p questions.
anyway rant over and back to my boring coursework (C programming for idiots that ive put off until it needed to me handed it cos its so dull - "calculate the area of a sphere"!!!!!wow complex stuff!!! (sarcasm....))
edit - oh yea i rapidly pointed them towards eric raymonds excellent text on what a hacker is.
April 17th, 2004 10:56 PM
IMHO In a nutshell, people who know how to set up a "real world" honeypot( www.urbandictionary.com ) are not looking to "trap" nor "turn in" a quote attacker. The real objective is to make somthing legit enough, in hopes they, a skilled, deticated and educated attacker will upload his or her personal work & tools to the machine, therefore you obtain undiscovered goodies. And I'll be the first to tell you that when he starts off with a quite scan, they will be able to tell if it's a poorly configured honeypot. Or else why would they risk giving away all of their work. It's all in the config , not to mention that the uploader is probably 10 times smarter then the one who configs. IMHO
April 17th, 2004 11:10 PM
groovicus, you make a very good point there.
it's more likely that someone will end up using it as an open relay and spamming the hell out of a bunch of other people
It's got to be very time consuming to try and set one of these things up properly. Even with Snort and other traffic analyzing software setup, I can only imagine that it's still very possible for these honeypots to get hijacked fairly easily (which may even be the intended purpose initially).
With all the spoofing that's going on, the vast amounts of time and effort going into the fingerprinting of attackers, the legal issues, and personal liability issues (like groovicus stated above) how effective are honeypots really? If they are effective but only on a small scale, is it trully worth adding yet another exploitable computer to the internet...on purpose?
I just checked out some stuff on honeypots and found this little article on honeypots and it provides some good descriptions, theory and links, including a link to a free basic honeypot known as Back Officer Friendly.
The object of war is not to die for your country but to make the other bastard die for his - George Patton