From owner-freebsd-questions Thu Aug 10 0:45:31 2000
From: Mark Rowlands
Reply-To: mark.rowlands@minmail.net
To: David Daugherty, Jon
Cc: questions@FreeBSD.ORG
Subject: Re: fake telnet - somewhat off topic - what are you going to do with the info anyway?
Date: Thu, 10 Aug 2000 09:22:28 +0200
Message-Id: <00081009401000.11116@marbsd.tninet.se>

On Wed, 09 Aug 2000, David Daugherty wrote:
> On Wed, 9 Aug 2000, Jon wrote:
>
> > There are 'honey pot' servers available for luring people into your
> > system, but think about a couple things:
> >
> > > Has anyone written a configurable fake telnet program? The idea I had was
> > > to copy my own version of telnet over the installed ver. so that I could
> > > see what these system crackers are attempting on my system. Right now I
> > > have telnet and ftp turned off and having portsentry notify me when
> > > someone tries to access these ports. I only have an @home connection and

snip

> Running portsentry I don't get to see how they got to me. Through my IP,
> or through my Cxxxxxx-A.myloc.cable.modem, or through my alias
> mydomain.dhs.org. I'd like to be able to latch onto this and see how
> they're getting to me.

have you looked at snort? - but what are you going to do with the info anyway?

As a little project, I collected up logs of all of the dopey subseven / netbus / squid / wingate proxy and assorted other scans/vulnerability probes on my system over a month. Totalled up the top 10 offenders (Hallo UUNET) and sent the logs off to the relevant ISP (with explanation as to log formats / timezones etc - basically everything recommended by GIAAC). Top marks to UUNET, well, actually, they were the only one who responded. So unless you have a burning need to know where the dullards are coming from which btw is usually Daytona Beach in my case ....

> David
> Software Engineer - NetManage
> Work email: david.daugherty@netmanage.com
> Home email: doc@wcug.wwu.edu
> ICQ 21106703
> Washington State Resident
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Mark Rowlands
+4686224510
GMT + 1
_______________________________________________
These opinions are mine, they are just opinions
you are free to disagree, please do so quietly
_______________________________________________