[olug] Romanian Script Kiddies

Charles Bird cbird at mail.datar8.com
Wed Oct 25 20:57:32 UTC 2006 

ya, I was thinking the honeypot thing, even though I lack expertise of
course. I was thinking if they wanted in, to leave a few "interesting"
looking files somewhere that are mislabeled and when executed do something
totally differnt from what they expect. I pretty much saw them trying to
crash my server and not gain access to anything, so i guess honeypot was
not a logical solution, just logging as usual.

>
> On Wed, October 25, 2006 13:29, Dennis Bautell wrote:
>> "If it continues then it might be honeypot time. :)"
>>
>> That was my first thought... Never really got around to messing with
>> them,
>> though. Are they useful for defending a single IP? I thought they they
>> were normally used to cover free addresses, to slow down scanners.
>
> I wouldn't say that a honeypot will defend a single IP, rather allow you
> to study the Script Kiddie community.
>
> I've also seen people setup a honeypot that has no good reason for ever
> being touched by an outside person (i.e. a tripwire).  Then, when the
> honeypot sees some on-going activity, it sends a message to an
> adminisrator and they can then block that IP address at their firewall
> protecting the real servers and data.
>
> Normally the honeypot is a softer target than your real server farm.  As
> long as the honeypot is believable they will probably keep poking around
> there.  If it is similar to your internal server/network design, you might
> have a chance of watching their steps and securing your internal
> applications before they get there.
>
> Dan
>
> - - - -
> "Wait for that wisest of all counselors, time." -- Pericles
> "I do not fear computers, I fear the lack of them." -- Isaac Asimov
> "Soon we will be able to harness the rotational energy from Orwell's grave
> to solve all world energy problems." -- /. user GigsVT (208848)
> GPG fingerprint:6FFD DB94 7B96 0FD8 EADF  2EE0 B2B0 CC47 4FDE 9B68
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>

More information about the OLUG mailing list