-
I'm confused at your answer jethro. The client's computer shouldn't even be able to tell that the service running on the other end is a VB service. For example, if he were emulating POP3, the service would just connect itself to a port, listen for connections and act like a pop server would act. Obviously, the service wouldn't be a fully functional POP3 server, but it would emulate just enough to keep the skiddie from being suspicious while recording all of his/her actions. So VB can do the job, it's just not going to be as easy to implement as it would be in C. On the up side, maybe a VB program would be a little better protected from coding errors that lead to buffer overflows, just because the script kiddies will be expecting a service written in C. Who knows... it's a good concept, but will require lots of coding to make it work well. Good luck trials, and let us know if you have any success stories.
-
It's going OK so far but haven't really got round to doing that much to it. People can log in to it as guests, it's got a fake c:\ drive and it logs all the IPs that connect and all the commands that are sent. At the moment I'm just working on all the different commands that can be sent, like cd and things like that. It would be better using C because it is a pain to reboot into win. Thanks for all your help, I'll keep you updated on it.
-
Sounds like a cool project. Good Luck :)
-
Re: hunny pot program
Quote:
Originally posted here by trials
I'm going to make a honeypot kind of program which will fake services like telnet and log everything that happens; it's going to be coded in VB. I was wondering if anyone has any ideas of what kind of things I could add to it?
C Code would be a nice "addition," but people have probably already beat that over your head by now.
-
Sure, it's all great until an attacker finds an exploit in your code and hacks in. There is a considerable risk of compromising your host machine when doing something like this.
Another thing to consider would be to install Linux, NT or whatever in VMware to simulate a honeypot. You could then put IDS on the host machine and log all of the activity.
--Sudo
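
The kind of listener discussed in this thread, as an added example that is not part of any post and is not trials' program: it answers just enough POP3 to look alive, logs each peer address and command, and bounds and encodes client input with the risk raised in the last post in mind. Python is used here rather than VB or C; the banner, port 1110, `MAX_LINE` and all function names are assumptions.

```python
import asyncio
import json
import time

MAX_LINE = 512                      # assumed cap on one command line, in bytes
BANNER = "+OK POP3 server ready"    # constructed greeting
REPLIES = {"USER": ("+OK send PASS", False),
           "PASS": ("-ERR invalid password", False),   # never grants a session
           "QUIT": ("+OK bye", True)}

def respond(line):
    """Return (reply, close) for one command; no real mailbox sits behind it."""
    verb = line.strip().split(" ", 1)[0].upper()
    return REPLIES.get(verb, ("-ERR unknown command", False))

def record(log, peer, raw):
    """Log one client line as JSON so CR/LF or escape bytes cannot forge entries."""
    text = raw[:MAX_LINE].decode("latin-1").rstrip("\r\n")
    log.append(json.dumps({"ts": time.time(), "peer": peer, "cmd": text}))
    return text

async def handle(reader, writer, log):
    peer = writer.get_extra_info("peername")[0]
    writer.write((BANNER + "\r\n").encode())
    try:
        while True:
            # readline() raises ValueError once a line exceeds the stream limit
            raw = await asyncio.wait_for(reader.readline(), timeout=30)
            if not raw:
                break
            reply, close = respond(record(log, peer, raw))
            writer.write((reply + "\r\n").encode())
            await writer.drain()
            if close:
                break
    except (ValueError, asyncio.TimeoutError, ConnectionError):
        record(log, peer, b"<oversized line, timeout or reset>")
    finally:
        writer.close()

async def main(host="127.0.0.1", port=1110):
    log = []   # in-memory list for the example only
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, log), host, port, limit=MAX_LINE)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The protocol logic lives in `respond` and `record`, which never touch the filesystem or a shell, so the only attacker-controlled data that persists is the JSON-encoded log line.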