-
August 29th, 2006, 01:04 PM
#1
Junior Member
Honeypot for Shares in Windows.
Hello all,
I'm after some advice if possible, we have a virus/worm that appears to be propagating through our network via Open Shares. Is there a Honeypot that can emulate open shares that I would be able to use to track the source (or victim) connections from? Or is there a better way of doing this?
Thanks!
-
August 29th, 2006, 01:33 PM
#2
Welcome to AO
Just take any old computer.. Open a few writable shares, drop some executables in there, hook up a sniffer and wait..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 29th, 2006, 01:48 PM
#3
Junior Member
Thanks for that - I'm downloading Ethereal now.
-
August 29th, 2006, 02:06 PM
#4
Originally posted here by Dove11
Thanks for that - I'm downloading Ethereal now.
Good choice
If the "old computer" can run XP, turn on File and Object auditting and audit any write action to those shares. It's probably easier to read the security eventlog then it is to wade through a couple of megabytes of sniffer data. You'll have a basic time frame to look for..
Oliver's Law:
Experience is something you don't get until just after you need it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|