[olug] Romanian Script Kiddies

Daniel Linder dan at linder.org
Wed Oct 25 19:22:33 UTC 2006


On Wed, October 25, 2006 13:29, Dennis Bautell wrote:
> "If it continues then it might be honeypot time. :)"
>
> That was my first thought... Never really got around to messing with them,
> though. Are they useful for defending a single IP? I thought they
> were normally used to cover free addresses, to slow down scanners.

I wouldn't say that a honeypot will defend a single IP, rather allow you
to study the Script Kiddie community.

I've also seen people set up a honeypot that has no good reason for ever
being touched by an outside person (i.e. a tripwire).  Then, when the
honeypot sees some on-going activity, it sends a message to an
administrator and they can then block that IP address at their firewall
protecting the real servers and data.

Normally the honeypot is a softer target than your real server farm.  As
long as the honeypot is believable they will probably keep poking around
there.  If it is similar to your internal server/network design, you might
have a chance of watching their steps and securing your internal
applications before they get there.

Dan

- - - -
"Wait for that wisest of all counselors, time." -- Pericles
"I do not fear computers, I fear the lack of them." -- Isaac Asimov
"Soon we will be able to harness the rotational energy from Orwell's grave
to solve all world energy problems." -- /. user GigsVT (208848)
GPG fingerprint:6FFD DB94 7B96 0FD8 EADF  2EE0 B2B0 CC47 4FDE 9B68
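
Added example, not part of the original message: a Python sketch of the tripwire idea described above, flagging sources that keep touching a honeypot nobody should reach and producing the notice an administrator would act on. The log format, the function names and the 192.0.2.0/24 allowlist (standing in for your own monitoring hosts) are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log from a hypothetical tripwire honeypot listener.
SAMPLE_LOG = """\
2006-10-25T18:00:05 src=203.0.113.7 dport=22
2006-10-25T18:00:09 src=203.0.113.7 dport=22
2006-10-25T18:01:30 src=198.51.100.20 dport=80
2006-10-25T18:02:11 src=203.0.113.7 dport=23
2006-10-25T18:03:00 src=192.0.2.10 dport=22
2006-10-25T18:03:02 src=192.0.2.10 dport=22
2006-10-25T18:03:04 src=192.0.2.10 dport=22
2006-10-25T18:03:05 src=not-an-ip dport=22
2006-10-25T19:30:00 src=198.51.100.20 dport=80
2006-10-25T21:00:00 src=198.51.100.20 dport=80
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) dport=(\d+)$")

def ongoing_sources(log_text, min_hits=3, window=timedelta(minutes=10),
                    allowlist=("192.0.2.0/24",)):
    """Return {ip: total hits} for sources with min_hits touches within window."""
    trusted = [ipaddress.ip_network(n) for n in allowlist]
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed timestamp or address: skip, do not crash
        if any(ip in net for net in trusted):
            continue  # never propose blocking your own scanners or monitoring
        seen[str(ip)].append(ts)
    alerts = {}
    for ip, times in seen.items():
        times.sort()
        if any(times[i + min_hits - 1] - times[i] <= window
               for i in range(len(times) - min_hits + 1)):
            alerts[ip] = len(times)
    return alerts

def admin_message(alerts):  # the notice an administrator would act on
    return "\n".join(f"honeypot tripwire: {ip} touched {n} times"
                     for ip, n in sorted(alerts.items()))
```

With the defaults, only 203.0.113.7 is reported: 198.51.100.20 has three touches spread over hours, and 192.0.2.10 is on the allowlist.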



