From owner-freebsd-questions Wed Nov 28 15:10:14 2001 Delivered-To: freebsd-questions@freebsd.org Received: from teak.adhesivemedia.com (teak.adhesivemedia.com [207.202.159.79]) by hub.freebsd.org (Postfix) with ESMTP id 2EC3237B41B for ; Wed, 28 Nov 2001 15:10:03 -0800 (PST) Received: from localhost (philip@localhost) by teak.adhesivemedia.com (8.11.6/8.11.6) with ESMTP id fASNA1s18122; Wed, 28 Nov 2001 15:10:01 -0800 (PST) (envelope-from philip@adhesivemedia.com) Date: Wed, 28 Nov 2001 15:10:00 -0800 (PST) From: Philip Hallstrom To: Bsd Neophyte Cc: freebsd-questions@FreeBSD.ORG Subject: Re: script-kiddie trap? In-Reply-To: <20011128223859.30465.qmail@web20103.mail.yahoo.com> Message-ID: <20011128150837.A16801-100000@teak.adhesivemedia.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I remember reading an article about some folks at AT&T Belllabs I think it was that did something like this... and used it to notify the admins of the hosts the guy hacked from... It was a cool article, but that's all I remember about it. I seem to remember running across it while reading about "jail" in FreeBSD. You might be able to do it with that... or at least keep your own box sane while you modify the sources for the jail... -philip On Wed, 28 Nov 2001, Bsd Neophyte wrote: > > I remember something about a year or two ago. Someone designed some sort > of application that acted as a psuedo-network that would trap a > script-kiddie by giving them "access" to the network through something > that would appear to be a hole caused by popular trojans. (long sentance I > know) > > The false network was pretty convincing. While the intruder would poke > around and cause mayhem, this tool would log everything about the person > so that you could file a pretty convincing case against them. > > Is there anything like this that's free... better yet, included in the > ports? > > -Sameer > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. > http://geocities.yahoo.com/ps/info1 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message