From owner-freebsd-questions@FreeBSD.ORG  Fri Sep 10 04:12:54 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5176316A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 10 Sep 2004 04:12:54 +0000 (GMT)
Received: from mail.freebsd-corp-net-guide.com
	(mail.freebsd-corp-net-guide.com [65.75.192.90])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DB84843D45
	for <freebsd-questions@freebsd.org>;
	Fri, 10 Sep 2004 04:12:53 +0000 (GMT)
	(envelope-from tedm@toybox.placo.com)
Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130])
	i8A4DIW78334;	Thu, 9 Sep 2004 21:13:19 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: <m.hauber@mchsi.com>, <freebsd-questions@freebsd.org>
Date: Thu, 9 Sep 2004 21:12:52 -0700
Message-ID: <LOBBIFDAGNMAMLGJJCKNCEEIEPAA.tedm@toybox.placo.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
In-Reply-To: <200409091144.00787.m.hauber@mchsi.com>
Importance: Normal
Subject: RE: Tar pitting automated attacks
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2004 04:12:54 -0000



> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mike Hauber
> Sent: Thursday, September 09, 2004 8:44 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: Tar pitting automated attacks
> 
> 
> How difficult would it be to have a "dummy" system setup on 
> the LAN where incoming SSH could be transparently routed 
> to.  In fact (and even the idea gives me the creeps), how 
> difficult would it be to change "root" to something else, 
> and then create a dummy root account.  I mean, if one is 
> attempting to get a cracker to waste his time, then why not 
> wet his whistle and let him think he's actually getting 
> somewhere?
> 
> I don't know anything about this kind of thing (I'm just not 
> devious enough, I guess).  How should I go about googling 
> this to learn more?  Is there a term for it?
> 

search the term "honeypot servers"

Ted