Date: Thu, 10 Aug 2000 09:22:28 +0200
From: Mark Rowlands <mark.rowlands@minmail.net>
To: David Daugherty <doc@wcug.wwu.edu>, Jon <jon@state.net>
Cc: questions@FreeBSD.ORG
Subject: Re: fake telnet - somewhat off topic - what are you going to do with the info anyway?
Message-ID: <00081009401000.11116@marbsd.tninet.se>
In-Reply-To: <Pine.LNX.3.96.1000809113051.12456A-100000@sloth>
References: <Pine.LNX.3.96.1000809113051.12456A-100000@sloth>

On Wed, 09 Aug 2000, David Daugherty wrote:
> On Wed, 9 Aug 2000, Jon wrote:
>
> > There are 'honey pot' servers available for luring people into your
> > system, but think about a couple things:
> >
> > > Has anyone written a configurable fake telnet program? The idea I had was
> > > to copy my own version of telnet over the installed ver. so that I could
> > > see what these system crackers are attempting on my system. Right now I
> > > have telnet and ftp turned off and having portsentry notify me when
> > > someone tries to access these ports. I only have an @home connection and

snip

> Running portsentry I don't get to see how they got to me. Through my IP,
> or through my Cxxxxxx-A.myloc.cable.modem, or through my alias
> mydomain.dhs.org. I'd like to be able to latch onto this and see how
> they're getting to me.

Have you looked at snort? - but what are you going to do with the info anyway?

As a little project, I collected up logs of all of the dopey subseven / netbus /
squid / wingate proxy and assorted other scans/vulnerability probes on my
system over a month. Totalled up the top 10 offenders (Hallo UUNET) and sent the
logs off to the relevant ISP (with explanation as to log formats / timezones
etc - basically everything recommended by GIAAC). Top marks to UUNET, well,
actually, they were the only one who responded.

So unless you have a burning need to know where the dullards are coming from,
which btw is usually Daytona Beach in my case ....

> David
> Software Engineer - NetManage
> Work email: david.daugherty@netmanage.com
> Home email: doc@wcug.wwu.edu
> ICQ 21106703
> Washington State Resident
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Mark Rowlands
+4686224510
GMT + 1
_______________________________________________
These opinions are mine, they are just opinions
you are free to disagree, please do so quietly
_______________________________________________
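
The tally described in the message above (a month of probe logs reduced to the top offenders, with timestamps normalised so the ISP can match them), as an added example that is not part of the original e-mail. The log lines are constructed in the style of portsentry syslog alerts; `parse`, `top_offenders`, `report`, the `PROBES` labels and the UTC offset are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: portsentry-style syslog alerts, documentation-range IPs.
SAMPLE_LOG = """\
Aug  9 03:12:44 gw portsentry[211]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 27374
Aug  9 03:12:45 gw portsentry[211]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 12345
Aug  9 23:30:00 gw portsentry[211]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 1080
Aug 10 00:15:02 gw portsentry[211]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 27374
Aug 10 01:00:00 gw portsentry[211]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 3128
Aug 10 01:05:09 gw portsentry[211]: attackalert: Connect from host: 203.0.113.99/203.0.113.99 to TCP port: 23
Aug 10 01:06:00 gw sshd[400]: unrelated line that must be skipped
"""

ALERT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ portsentry\[\d+\]: attackalert: "
    r"Connect from host: \S+/(?P<ip>[\d.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)$"
)
# Default ports of the probe types named in the message (labels are assumptions).
PROBES = {27374: "subseven", 12345: "netbus", 3128: "squid", 1080: "wingate/socks"}

def parse(log, year, utc_offset_hours):
    """Yield (utc_time, source_ip, proto, port); syslog omits year and zone."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    for line in log.splitlines():
        m = ALERT.match(line)
        if m:
            local = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            utc = local.replace(tzinfo=tz).astimezone(timezone.utc)
            yield utc, m["ip"], m["proto"], int(m["port"])

def top_offenders(events, n=10):
    """Return [(ip, hits, probe_labels, first_seen_utc, last_seen_utc)], busiest first."""
    hits, seen, kinds = Counter(), defaultdict(list), defaultdict(set)
    for when, ip, proto, port in events:
        hits[ip] += 1
        seen[ip].append(when)
        kinds[ip].add(PROBES.get(port, f"{proto.lower()}/{port}"))
    return [(ip, c, sorted(kinds[ip]), min(seen[ip]), max(seen[ip]))
            for ip, c in hits.most_common(n)]

def report(log, year, utc_offset_hours, n=10):
    """One line per source, in UTC, ready to paste into an abuse report."""
    return "\n".join(
        f"{ip:15} {c:4} {a:%Y-%m-%dT%H:%M:%SZ} .. {b:%Y-%m-%dT%H:%M:%SZ} {','.join(k)}"
        for ip, c, k, a, b in top_offenders(parse(log, year, utc_offset_hours), n))

if __name__ == "__main__":
    print(report(SAMPLE_LOG, year=2000, utc_offset_hours=2))
```

Grouping by source address and quoting first/last-seen times in UTC covers the "log formats / timezones" explanation the message says went out with the logs.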