Fun Things To Do With Your Honeypot System
An anonymous reader writes "Whitedust is running an interesting article on honeypots and their uses. From the article: 'Most papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves... Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network.'" From the article: "Once an attacker has taken all the trouble to set up shop on your honeypot, he'll probably want to see what else there is to play with. If your honeypot is like most traditional honeypots, there's not much for an attacker to do once he gets in. What you really want is for the attacker to transfer down all the other toys in his arsenal so you can have a copy as well. Giving an attacker additional targets with various operating systems and services can help him decide to give you his toys. The targets can be real, but you'll get almost as much mileage if they're simulated. A good place to start is to put a phantom private network up hung off the back of the honeypot."
Like I Have That Kind of Time (Score:3, Insightful)
Re:Think you missed the point... (Score:2, Insightful)
Risk to others (Score:5, Insightful)
Are you liable for any damages?
Are you causing problems for law enforcement or other sysadmins by helping the attacker obscure their identity?
Seems like you would need to filter outbound traffic VERY carefully. It would be almost impossible to do this without the attacker knowing -- they'd realize it was a honeypot and get the hell out of there.
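The outbound-filtering concern in the comment above is usually handled by rate-limiting connections leaving the honeypot rather than blocking them outright, so the first few succeed while a scan or flood is cut off. The following is an added sketch, not part of the thread or the Whitedust article; the limits, window and address prefix are assumed values and the flows are constructed.

```python
from collections import defaultdict, deque

# Assumed policy values (illustrative, not from the thread): per-protocol
# caps on NEW outbound connections from the honeypot within one window.
WINDOW_SECONDS = 3600
LIMITS = {"tcp": 15, "udp": 20, "icmp": 50}
HONEYPOT_NET = "10.99.0."          # constructed phantom/private segment prefix


class EgressLimiter:
    """Sliding-window cap on outbound connections leaving the honeypot."""

    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self.seen = defaultdict(deque)   # proto -> timestamps of allowed flows
        self.alerts = []                 # (ts, proto, dst) for every drop

    def decide(self, ts, proto, dst_ip):
        # Traffic to the simulated internal segment never leaves the lab,
        # so it is not counted against the outbound budget.
        if dst_ip.startswith(HONEYPOT_NET):
            return "allow-internal"
        limit = self.limits.get(proto)
        if limit is None:                # unknown protocol: fail closed
            self.alerts.append((ts, proto, dst_ip))
            return "drop"
        q = self.seen[proto]
        while q and ts - q[0] >= self.window:   # expire entries outside window
            q.popleft()
        if len(q) >= limit:
            self.alerts.append((ts, proto, dst_ip))
            return "drop"
        q.append(ts)
        return "allow"


def replay(flows, limiter=None):
    """Run (ts, proto, dst_ip) tuples through the limiter; return verdicts."""
    limiter = limiter or EgressLimiter()
    return [limiter.decide(*f) for f in flows], limiter.alerts


# Constructed sample: 20 outbound TCP connections in 20 seconds (scan-like),
# one connection to the simulated segment, and one more TCP an hour later.
SAMPLE = [(t, "tcp", f"203.0.113.{t + 1}") for t in range(20)]
SAMPLE += [(25, "tcp", "10.99.0.7"), (3700, "tcp", "198.51.100.9")]
```

Every dropped flow lands in `alerts`, which is the signal that the intruder has started using the box against third parties.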
Re:Idiot (Score:2, Insightful)
Re:And a fun way to get free warze. (Score:4, Insightful)
I seriously doubt it - not if you mean "in the last several years". Any unprotected box hanging directly off the net will be scanned and fingerprinted within minutes if not seconds of connecting, and exploited automatically. Botnets aren't kiddies' toys anymore: they're very professionally run and your unpatched '98 box is just grist for the mill.
About five years ago I timed scans off a dialup connection in, let's say, a hostile part of the world - average of around 20 seconds from connect to scan. It hasn't gotten any better since.
Just one problem - (Score:4, Insightful)
a fake database or two, some Word documents showing that the US has a secret base in the middle of the everglades....
You'll then get pulled in by Homeland Security and shipped to Gitmo for revealing that the US has a secret base in the middle of the Everglades.
Re:And a fun way to get free warze. (Score:4, Insightful)
"Thou shall not use any programming language that works on only one OS. "
Then it's a typographical error, most likely a soft-broken 'Y' key, and the joke falls apart. Making fun of someone with a broken keyboard is just mean. He might be on his way to CompUSA right now for all you know.
Now, if he corrects it to read:
"Thou shall not use a programming language that works on only one OS. "
Then it's grammatical, and the joke will hold up. The world will be safe from poor grammar. You will have fulfilled your destiny. Crush the lesser races, conquer the galaxy, unimaginable power, unlimited rice pudding...Etcetera, etcetera...
(or not)
Re:And a fun way to get free warze. (Score:3, Insightful)
This means that you can detect that specific hardware configuration and tell that it's vmware.
Bad advice (Score:3, Insightful)
Simulated traffic can be used in conjunction with simulated targets....If you want to really see what the attacker is all about, simulate traffic that looks like someone trading MP3s, or traffic that looks like someone transferring business documents. If the attacker spends most of his time looking at the MP3 traffic, he is probably pretty harmless. If he spends his time looking at the documents, he is probably pretty dangerous.
Yea, right. Great advice, right up to the day that the RIAA and their FBI thugs come breaking down your door and taking every computer that you own and anything else they want too, because the hacker that broke into your system and saw all that traffic was an RIAA hacker.
"From The Article" (Score:3, Insightful)
It's all fun and games... (Score:4, Insightful)
Who are these security people with so much free time that they can monitor a honeynet for hours on end and create bogus traffic to move across it in order to entertain a bored 16-year-old hacker from who knows where? Every serious professional I know is up to his eyeballs in real work.
Re:Think you missed the point... (Score:4, Insightful)
In my life, I've identified a few key words that are highly accurate in ferreting out people who waste time. One of these is "paradigm". Those who wax poetic about "paradigm" are typically those who haven't bothered to figure out how things work, and are trying to convince you to do whatever it is that they think might work.
Big waste - RUN!
I've come to discover that "just" is a key word. It positively identifies those who have no idea what they're talking about. The most ridiculous, inane, and useless activities I've ever seen all started with the word "just" in the job description. Like:
"Solar power is feasible - just bring down the cost of manufacturing"...
or,
"Sex is no big deal - just get a girlfriend"... (big one for many who peruse these boards)
or,
"The software works great - we just need to change a few basic assumptions..."
So, watch that word, "just". It usually foretells major catastrophe and certainly unrealistic expectations!
Re:Just one problem - (Score:1, Insightful)
Dude, there are two things wrong with this:
Really, Bush and his handlers have run your country into the ground, demonstrated their complete lack of respect for human and civil rights as well as your own constitution and yet there are sheep like you who just bend over while praising the Great Leader.
I mean, doesn't a graph like this one [cedarcomm.com] tell you that Reagan, Bush I and Bush II are not conservatives, but rather credit card maxing out white trash?
Doesn't conservatism mean spending less money?