From owner-freebsd-questions Wed Aug 9 11:16:11 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from state.net (dorthy.state.net [204.75.238.244])
    by hub.freebsd.org (Postfix) with ESMTP id AC95937BEB5
    for ; Wed, 9 Aug 2000 11:16:04 -0700 (PDT)
    (envelope-from jon@state.net)
Received: from state.net (redoak.state.net [204.75.238.247])
    by state.net (8.8.8/8.7.2) with ESMTP id NAA25270;
    Wed, 9 Aug 2000 13:17:50 -0500 (CDT)
Message-ID: <39919FDF.779F7BB4@state.net>
Date: Wed, 09 Aug 2000 13:15:59 -0500
From: Jon
X-Mailer: Mozilla 4.73 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: David Daugherty
Cc: questions@FreeBSD.ORG
Subject: Re: fake telnet
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello David,

There are 'honey pot' servers available for luring people into your
system, but think about a couple things:

> Has anyone written a configurable fake telnet program? The idea I had was
> to copy my own version of telnet over the installed ver. so that I could
> see what these system crackers are attempting on my system. Right now I
> have telnet and ftp turned off and having portsentry notify me when
> someone tries to access these ports. I only have an @home connection and

1) Even though the servers I've seen look benign, what if they had an
exploit, which would open up your system, and really make it
exploitable...

2) Why do you want the extra bandwidth being used by these people,
unless you have bandwidth to burn?

> I'm wondering where all these crackers are finding my IP from.

3) The IP is probably found by people that understand what bridge group
IP ranges or PPP pools are available for DSL or dialup connections.
This isn't that hard, since many ISPs use host names that usually have
ppp, dialup, 33k, 56k, dsl, or some other indicator.
Once that is found, they usually scan that subnet for holes, because,
unlike many people on this list (there's probably a couple black
hatters, though ;), they have way too much time on their hands :-)

HTH

Jon

>
> David
> Software Engineer - NetManage
> Work email: david.daugherty@netmanage.com
> Home email: doc@wcug.wwu.edu
> ICQ 21106703
> Washington State Resident
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message