[plug] Building a "minefield/tarpit" for worms
Shannon Carver
shannon.carver at gmail.com
Wed May 31 12:56:07 WST 2006
Yea, that'd be great to watch live.
Give them access to a chroot'd dummy drive and just watch what they do,
delete logs, install nasty scripts etc etc :P
> -----Original Message-----
> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf
> Of Patrick Coleman
> Sent: Wednesday, 31 May 2006 12:51 PM
> To: plug at plug.org.au
> Subject: Re: [plug] Building a "minefield/tarpit" for worms
>
> On 5/31/06, Shannon Carver <shannon.carver at gmail.com> wrote:
> >
> >
> > > -----Original Message-----
> > > From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
> Behalf
> > > Of Bernd Felsche
> > > Sent: Wednesday, 31 May 2006 10:56 AM
> > > To: plug at plug.org.au
> > > Subject: Re: [plug] Building a "minefield/tarpit" for worms
> > >
> > > "Senectus ." <senectus at gmail.com> writes:
> > > >On 31/05/06, Daniel J. Axtens <danielax at gmail.com> wrote:
> > >
> > > >> As Daniel pointed out, this sort of thing is called a honeypot -
> just
> > > >> googling honeypot will get you started. There is also a honeypots
> > > >> mailing list on securityfocus.
> > >
> > > >Unless it's for research purposes, I fail to see why this is a good
> > > idea...
> > >
> > > I don't actually want to attract probes. I just to blow their legs
> > > off if they tread on my minefield. :-)
> > >
> > > That should reduce their ability to probe other machines.
> >
> > That's what I like to hear, a martyr for your cause!
>
> Matryr is right ... not quite sure that I understand how this is going
> to stop worms, because as Senectus pointed out they're scanning quite
> a few machines at once :)
>
> I must admit though that a honeypot machine setup to catch one of
> those SSH scans would be interesting, if only to see what happens once
> they get in.
> -Patrick
> --
> http://www.labyrinthdata.net.au
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
More information about the plug
mailing list