[plug] Building a "minefield/tarpit" for worms
Patrick Coleman
blinken at gmail.com
Wed May 31 12:51:04 WST 2006
On 5/31/06, Shannon Carver <shannon.carver at gmail.com> wrote:
>
>
> > -----Original Message-----
> > From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf
> > Of Bernd Felsche
> > Sent: Wednesday, 31 May 2006 10:56 AM
> > To: plug at plug.org.au
> > Subject: Re: [plug] Building a "minefield/tarpit" for worms
> >
> > "Senectus ." <senectus at gmail.com> writes:
> > >On 31/05/06, Daniel J. Axtens <danielax at gmail.com> wrote:
> >
> > >> As Daniel pointed out, this sort of thing is called a honeypot - just
> > >> googling honeypot will get you started. There is also a honeypots
> > >> mailing list on securityfocus.
> >
> > >Unless it's for research purposes, I fail to see why this is a good
> > idea...
> >
> > I don't actually want to attract probes. I just to blow their legs
> > off if they tread on my minefield. :-)
> >
> > That should reduce their ability to probe other machines.
>
> That's what I like to hear, a martyr for your cause!
Matryr is right ... not quite sure that I understand how this is going
to stop worms, because as Senectus pointed out they're scanning quite
a few machines at once :)
I must admit though that a honeypot machine setup to catch one of
those SSH scans would be interesting, if only to see what happens once
they get in.
-Patrick
--
http://www.labyrinthdata.net.au
More information about the plug
mailing list