What to do?

Duane Attaway dattaway at dattaway.org
Sat Jan 11 23:38:57 CST 2003


On Sat, 11 Jan 2003, Dustin Decker wrote:

> Not as far as you know anyway.  Any one of the sites you hit could very
> well be a honeypot.  You might already have some sticky stuff stuck to
> you.  There are better ways to learn about this... most professionals
> will suggest that you put together a lab and work against it.

Let me tell you there are honeypots out there.  Might be more than one 
expects...

The smart bear sniffing for honeypots will have read through the driver's
source code and found a handy utility for uploading MAC and serial numbers
into the RAM or flash.  And not to go around making connections with
services open on your computer.  Examples would be a web server, fingerd,
etc...  Also, the TCP/IP stack in the kernel tends to leave interesting
fingerprints.  The source code of nmap may offer more information about
this.  If someone is going to break the law, they should at least learn
how to do it right.

I learn more by listening.  I have a honeypot.  It is a cheap standalone
computer upstairs with a directional antenna down a busy street looking
for connections on a few known services.  It's not an insecure setup or
anything begging for hacking, but has a few well-known ports listening for
connections.  Just a little honey in this pot.

I had a spare computer, so why not?  Perhaps some day I will turn it into 
a neighborhood web server or something.

--
Why drive a car when you can ride a bike?
http://attaway.net                 http://counter.li.org   user #142150
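
The kind of listen-only honeypot described in this message, as an added example that is not part of the original post or its author's setup: it accepts connections on a few ports, records the source and the first bytes sent, and serves nothing. The class name `ListenOnlyHoneypot`, the loopback bind address and the port numbers are assumptions.

```python
import socket
import threading
import time

class ListenOnlyHoneypot:
    """Accept TCP connections, record source and first bytes, serve nothing."""
    def __init__(self, ports, bind_addr="127.0.0.1", read_timeout=1.0):
        self.events = []                 # one dict per connection attempt
        self.ports = []                  # ports actually bound (0 = ephemeral)
        self._stop = threading.Event()
        self._lock = threading.Lock()
        self._read_timeout = read_timeout
        self._listeners = []
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((bind_addr, port))
            s.listen(16)
            s.settimeout(0.2)            # lets the accept loop notice stop()
            self._listeners.append(s)
            self.ports.append(s.getsockname()[1])
            threading.Thread(target=self._serve, args=(s, self.ports[-1]),
                             daemon=True).start()

    def _serve(self, listener, port):
        while not self._stop.is_set():
            try:
                conn, (src_ip, src_port) = listener.accept()
            except OSError:              # accept timeout or listener closed
                continue
            with conn:
                conn.settimeout(self._read_timeout)
                try:
                    first = conn.recv(256)   # opening bytes only, no reply sent
                except OSError:          # client stayed silent or reset
                    first = b""
            with self._lock:
                self.events.append({"time": time.time(), "src_ip": src_ip,
                                    "src_port": src_port, "dst_port": port,
                                    "first_bytes": first})

    def stop(self):
        self._stop.set()
        for s in self._listeners:
            s.close()

if __name__ == "__main__":
    hp = ListenOnlyHoneypot([8079, 8080])   # assumed demo ports on loopback
    time.sleep(60)
    print(hp.events)
```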




More information about the Kclug mailing list