[SLUG] Next Meeting

Stuart Thomas stuartthomas at clara.co.uk
Fri Aug 22 18:21:29 BST 2003


Excellent,

Also to add to Jamie's excellent notes:

One of the important elements of the honey"pot"/"net" is the fact you
learn from it, enhance your knowledge and experiences [to share with 
others]. I had the pleasure (subs:pain) and payment for implementing 
several of them whilst working for some blue-chips in the City [London 
that is], and as an ethical hacker for Oracle.

Another advantage about the honeypot is that you get to know about NEW 
security flaws as well as existing ones. Of course you don't really 
want to "attract" hackers to your main public facing network, a 
separate segment of IP addresses (registered if possible under a pseudo 
company name, or small subsidiary of your existing company, anyway I 
digress) and a physically separate network (i.e. in case of DDOS/DOS and 
similar dysfunctional attacks) does the trick.

Lance Spitzner has two good books out at the moment (just do a search 
on Amazon), if you are interested. BUT, I think you may find a lot of 
that work at http://project.honeynet.org (SF publishes a lot of work 
for the honeynet project) [white-papers et al] you may also like 
http://rr.sans.org (a reading room full of security papers).

A fascinating and time consuming hobby/project though!

Ta,
Stu




On Friday, Aug 22, 2003, at 16:46 Europe/London, Gavin Baker wrote:

> On Fri, 2003-08-22 at 15:58, Adams, Jamie wrote:
>> I don't know what the hell you're talking about, but sounds good to me!
>
> (honeypot) Usually a box that *pretends* to be running services with
> known security flaws. The idea is to attract crackers to try and hack
> the (fake) servers so we can monitor what they do and protect our real
> boxen against the attacking host and the same kind of attack, and if
> they are trying to crack non existent services, our real ones are safe.
>
> There are a lot of honeypot apps out there. Some are as simple as a perl
> script, or a shell script that uses nc to listen on a port (say www),
> reply as a real www server would but log everything that happens. Some
> are indistinguishable from the real thing (like iisemul8[1]).
>
> Some, like honeyd[2] also fake the TCP/IP stack, to pretend to be
> whatever OS you want.
>
> There is a good series of articles about honeypots on securityfocus.com
> somewhere.
>
> Fun stuff really.
>
> Gav
>
> [1] http://sourceforge.net/projects/iisemul8/
> [2] http://www.citi.umich.edu/u/provos/honeyd/
>
> -- 
> Gavin Baker <gav at supercowpowers.org>
>
>>> -----Original Message-----
>>> From: Stuart Thomas [mailto:stuartthomas at clara.co.uk]
>>> Sent: 22 August 2003 15:26
>>> To: scarborough at mailman.lug.org.uk
>>> Subject: Re: [SLUG] Next Meeting
>>>
>>>
>>> Yes, if anyone is interested.
>>>
>>> That is electronic kind.
>>>
>>> Cheers,
>>> Stu
>>>
>>> On Friday, Aug 22, 2003, at 14:11 Europe/London, Gavin Baker wrote:
>>>
>>>> On Fri, 2003-08-22 at 12:52, Stuart Thomas wrote:
>>>>> Hm how about a talk on building a linux oracle (or any database)
>>>>> honeynet?
>>>>
>>>> You're volunteering to do a tutorial on honeypots? :)
>
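
The simple kind of honeypot Gavin describes (listen on the www port, reply as a real web server would, log everything that happens), sketched in Python as an added example that is not part of the original thread. The banner string, port, log format and all function names are assumptions made for illustration; the listener defaults to loopback and would be bound on the separate segment Stuart mentions rather than on a production network.

```python
import json
import socket
import time

FAKE_BANNER = "Apache/1.3.27 (Unix)"  # constructed banner for illustration
MAX_REQUEST = 4096                     # stop reading once this much has arrived

def build_record(peer, raw):
    """Turn one captured request into a structured log record."""
    text = raw.decode("latin-1")       # latin-1 decodes any byte sequence
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0], "src_port": peer[1],
        "request_line": text.split("\r\n", 1)[0][:200],
        "raw": text,
    }

def handle_client(conn, peer, sink):
    """Read one request, log it to sink, then answer like a plain web server."""
    conn.settimeout(5)
    raw = b""
    try:
        while b"\r\n\r\n" not in raw and len(raw) < MAX_REQUEST:
            chunk = conn.recv(1024)
            if not chunk:
                break
            raw += chunk
    except socket.timeout:
        pass                           # silent probes are still worth logging
    # json.dumps escapes CR/LF, so a client cannot forge extra log lines.
    sink.write(json.dumps(build_record(peer, raw)) + "\n")
    body = b"<html><body><h1>It works!</h1></body></html>"
    head = ("HTTP/1.0 200 OK\r\nServer: %s\r\nContent-Type: text/html\r\n"
            "Content-Length: %d\r\n\r\n" % (FAKE_BANNER, len(body)))
    conn.sendall(head.encode("ascii") + body)
    conn.close()

def serve(host="127.0.0.1", port=8080, logfile="honeypot.log"):  # assumed defaults
    with socket.socket() as srv, open(logfile, "a", buffering=1) as sink:
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            try:
                handle_client(conn, peer, sink)
            except OSError:
                conn.close()           # client vanished mid-exchange

if __name__ == "__main__":
    serve()
```

Each connection produces one JSON line with the source address and the raw request, which is the record you would later compare against traffic reaching real hosts.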




