[plug] Building a "minefield/tarpit" for worms

Daniel J. Axtens danielax at gmail.com
Wed May 31 08:23:01 WST 2006


As Daniel pointed out, this sort of thing is called a honeypot - just
googling honeypot will get you started. There is also a honeypots
mailing list on securityfocus.

HTH,
Daniel (A)

On 5/30/06, Daniel Pearson <gpearson at iinet.net.au> wrote:
>
> Hi Bernd,
>
> Do you mean something like
> http://www.securityfocus.com/infocus/1675 ?
>
> "Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
> Following that we see an attacker probe TCP 80 on our Linux honeypot. This
> port is closed and the honeypot responds with a RST."
>
> Cheers
>
> Bernd Felsche wrote:
> > My firewall gets *lots* of hits to well-known ports and ports used by
> > bots/worms.
> >
> > Instead of simply rejecting/dropping packets, I'm toying with the
> > idea of setting up a minefield and/or tarpit to make their lives a
> > misery.
> >
> > Some stuff can be done with xinetd, but not a lot without spawning
> > custom applications to e.g. fake bot responses and to harvest their
> > locations.
> >
> > Are there any tools to handle incoming nasty connections and to deal
> > with them based on a set of rules?


-- 
Neuronstorm: neuronstorm.sourceforge.net
The Neuronstorm Blog: leinad-golb.blogspot.com


