Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Nov 2001 17:09:35 -0600
From:      Ronald Clark <rclark@swbanktx.com>
To:        'Bsd Neophyte' <bsdneophyte@yahoo.com>, freebsd-questions@freebsd.org
Subject:   RE: script-kiddie trap?
Message-ID:  <E1497354C15DD4119A5500204840E20503629043@swbtexch2.swbanktx.com>
index | next in thread | raw e-mail 

[-- Attachment #1 --]
Sameer, 

  Actually, there was a commercial software out made by NAI, and was a
part of the Cybercop line. It did just as you state, created a virtual
honey pot network and logged everything. I just checked their website,
and I'm afraid, they stopped making this package. Is there a "free"
software package that does something similar? Not that I am aware of.
Most honey pots now are just some machine loaded up with a basic OS
install and set out to see *when* it gets scanned, attacked, and
compromised. 

  Anyway, I hope this helps. If anyone can prove me wrong, please feel
free to do so. 

Thanks,
Ron Clark


-----Original Message-----
From: Bsd Neophyte [mailto:bsdneophyte@yahoo.com]
Sent: Wednesday, November 28, 2001 4:39 PM
To: freebsd-questions@freebsd.org
Subject: script-kiddie trap?



I remember something about a year or two ago.  Someone designed some
sort
of application that acted as a psuedo-network that would trap a
script-kiddie by giving them "access" to the network through something
that would appear to be a hole caused by popular trojans. (long sentance
I
know)

The false network was pretty convincing.  While the intruder would poke
around and cause mayhem, this tool would log everything about the person
so that you could file a pretty convincing case against them.

Is there anything like this that's free... better yet, included in the
ports?

-Sameer



__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

[-- Attachment #2 --]
0	*H
010	+0	*H
0f0Ϡ
O[uj)0
	*H
0_10	UUS10U
VeriSign, Inc.1705U.Class 1 Public Primary Certification Authority0
980512000000Z
080512235959Z010U
VeriSign, Inc.10UVeriSign Trust Network1F0DU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated00
	*H
0ZDUz-Ox6
JoTw*h1ApzKHV-BD\B/;'
]6B3nTOJƚj$e~7jJ	00	`HB05U.0,0*(&$http://crl.verisign.com/pca1.1.1.crl0GU @0>0<`HE0-0++www.verisign.com/repository/RPA0U00U0
	*H
B|ߌyLMU/P^N.^2yeJRը1!l4x		BZъު"!e3 3
>5d$[h|7d
Ž33>>s0_0ȠcQ:4ݳ%0
	*H
010U
VeriSign, Inc.10UVeriSign Trust Network1F0DU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated0
011114000000Z
020113235959Z010U
VeriSign, Inc.10UVeriSign Trust Network1F0DU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)9810UPersona Not Validated1'0%UDigital ID Class 1 - Microsoft10U	Ron Clark1"0 	*H
	rclark@swbanktx.com00
	*H
0¯/k:21UN/#x,r@7ӔҲ@wWSoLXَwjŸTުI;~'"[r{
Uím'\_;(0h200	U00U 00`HE00(+https://www.verisign.com/CPS0b+0V0VeriSign, Inc.0=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0	`HB03U,0*0(&$"http://crl.verisign.com/class1.crl0
	*H
mSPBx e>J,Ðrh;%%4t47n<?
UrgbM!R4׭}"=Cjg"X{[钸AѢPdu*1V0R0010U
VeriSign, Inc.10UVeriSign Trust Network1F0DU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not ValidatedcQ:4ݳ%0	+0	*H
	1	*H
0	*H
	1
011128230935Z0#	*H
	1<#Gd,PߤZ0v	*H
	1i0g0
*H
0*H
0+0+0
*H
(0+0+0
*H
0
*H
0	+710010U
VeriSign, Inc.10UVeriSign Trust Network1F0DU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not ValidatedcQ:4ݳ%0
	*H
Th.Ӂ
q]dתR<?*Í[s;zgH϶0HD>R3ā{hy+e6Z7V<w}Aauz*DݳGjL'<'$
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1497354C15DD4119A5500204840E20503629043>