[plug] Building a "minefield/tarpit" for worms
Daniel Pearson
gpearson at iinet.net.au
Tue May 30 12:07:47 WST 2006
Hi Bernd,
Do you mean something like http://www.securityfocus.com/infocus/1675 ?
"Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
<http://www.securityfocus.com/infocus/1675>
Following that we see an attacker probe TCP 80 on our *Linux honeypot*.
This port is closed and the *honeypot* responds with a RST."
Cheers
Bernd Felsche wrote:
> My firewall gets *lots* of hits to well-known ports and ports used
> by bots/worms.
>
> Instead of simply rejecting/dropping packets, I'm toying with the
> idea of setting up a minefield and/or tarpit to make their lives a
> misery.
>
> Some stuff can be done with xinetd, but not a lot without spawning
> custom applications to e.g. fake bot responses and to harvest their
> locations.
>
> Are there any tools to handle incoming nasty connections and to deal
> with them based on a set of rules?
>