 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
I have been provoking attacks (usally in IRC) for years... when I mentioned this in another security related list a few years ago i got flamed so bad i still feel toasty... I have noticed (using a bit of psycology from the aid of my wife who is a phycologist and closet geek girl) that you can easily tell if you are going to get your basic 13 or 14 yr old script kiddie or someone a bit more skillful... but dont forget to check you hunnypot webserver logs for all those refers from google (thanks Johnny for google hacking).... sorry if it was a rant... but it's my 2 cents worth... On Tue, 2004-11-02 at 05:29, Stephan Riebach wrote: > Reading all your posts I wondered if aggressive tactics do really provoke > new/interesting attacks. More precisely I wondered how far we should go?! > > I tested some tactic earlier by installing a P2P client on a honeypot and > provoking attacks by "annoying" users. I created random data files with "dd" > and converted them to the mp3 format using lame > (http://lame.sourceforge.net/). I gave those fake files the names of famous > Top20 songs and provided the files with my KazaaLite client. I also provided > some real large faked files which I simply renamed as zip or rar archive, > e.g. "Windows2000Prof.zip" . The honeypot was online for 6 weeks and many > files were downloaded but really no new/unusual/special attack could be > detected in this time. Just the well-known port 135 and 445 signatures. I > also run a web server on this honeypot and I hoped to increase attacks with > this "annoying" tactic. Maybe you can compare this with fishing and my lure > was bad or I simply had no luck. :-) > > Or maybe I proofed that P2P users are harmless and never attack anybody. :-) > > > Cheers! > Stephan >
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.