[SLUG] Next Meeting
Gavin Baker
gav at supercowpowers.org
Fri Aug 22 16:48:01 BST 2003
On Fri, 2003-08-22 at 15:58, Adams, Jamie wrote:
> I don't know what the hell your talking about, but sounds good to me!
(honeypot) Usually a box that *pretends* to be running services with
known security flaws. The idea is to attract crackers to try and hack
the (fake) servers so we can monitor what they do and protect our real
boxen against the attacking host and the same kind of attack, and if
they are trying to crack non existent services, our real ones are safe.
There are a lot of honeypot apps out there. Some are as simple as a perl
script, or a shell script that uses nc to listen on a port (say www),
reply as a real www server would but log everything that happens. Some
are indistinguishable from the real thing (like iisemul8[1]).
Some, like honeyd[2] also fake the TCP/IP stack, to pretend to be
whatever OS you want.
There is a good series of articles about honeypots on securityfocus.com
somewhere.
Fun stuff really.
Gav
[1] http://sourceforge.net/projects/iisemul8/
[2] http://www.citi.umich.edu/u/provos/honeyd/
--
Gavin Baker <gav at supercowpowers.org
> > -----Original Message-----
> > From: Stuart Thomas [mailto:stuartthomas at clara.co.uk]
> > Sent: 22 August 2003 15:26
> > To: scarborough at mailman.lug.org.uk
> > Subject: Re: [SLUG] Next Meeting
> >
> >
> > Yes, if anyone is interested.
> >
> > That is electronic kind.
> >
> > Cheers,
> > Stu
> >
> > On Friday, Aug 22, 2003, at 14:11 Europe/London, Gavin Baker wrote:
> >
> > > On Fri, 2003-08-22 at 12:52, Stuart Thomas wrote:
> > >> Hm how about a talk on building a linux oracle (or any database)
> > >> honeynet?
> > >
> > > Your volunteering to do a tutorial on honeypots? :)
>
More information about the Scarborough
mailing list