Date:      Mon, 26 Jun 2000 03:03:57 -0400 (EDT)
From:      Mike Nowlin <mike@argos.org>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        "Jeffrey J. Mountin" <jeff-ml@mountin.net>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Narvi <narvi@haldjas.folklore.ee>, security@FreeBSD.ORG
Subject:   Re: jail(8) Honeypots 
Message-ID:  <Pine.LNX.4.21.0006260254440.10477-100000@jason.argos.org>
In-Reply-To: <13330.961956810@critter.freebsd.dk>


> In other words: a high-fidelity honey pot should probably be a
> machine of its own behind a rather fascist firewall, but as a
> tripwire/indication a jail(8) based honeypot will do just fine.

I'm sure that most people have a 386 floating around that would work
nicely for this...  You can make them more appealing to break into if 
you provide lots of fake services - a simple C program can make it accept
TCP connect requests on a whole bunch of weird ports - port scanners will
jump at finding these machines....

I'll even give the machines away if you pick them up - you get several for
buying me a (cheap) lunch.  I'm cleaning out the "dump the unused junk in
here" rooms at work.  :)

--mike

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Understated/funny man-page sentence of the current time period:

From route(4) on FreeBSD-3.4, DESCRIPTION section:
    "FreeBSD provides some packet routing facilities."
    ...duh.......

Mike Nowlin, N8NVW         mike@argos.org         http://www.viewsnet.com
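
Added example, not part of the original message or of FreeBSD: one way to write the "simple C program" mentioned above as a tripwire that listens on several unused ports and logs who connects. The function names `open_listener` and `log_hits` and the port numbers are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Listen on addr:port (port 0 lets the kernel pick). Returns the fd, or -1. */
int open_listener(const char *addr, unsigned short port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd); fd = -1;
    }
    return fd;
}

/* Wait up to timeout_ms; accept, log and close one connection per ready port. */
int log_hits(const int *fds, int n, int timeout_ms, FILE *out) {
    struct pollfd p[64];
    int i, c, hits = 0;
    if (n < 1 || n > 64) return -1;
    for (i = 0; i < n; i++) { p[i].fd = fds[i]; p[i].events = POLLIN; p[i].revents = 0; }
    if (poll(p, n, timeout_ms) < 0) return -1;
    for (i = 0; i < n; i++) {
        struct sockaddr_in peer, local;
        socklen_t plen = sizeof peer, llen = sizeof local;
        char ip[INET_ADDRSTRLEN];
        if (!(p[i].revents & POLLIN)) continue;
        if ((c = accept(fds[i], (struct sockaddr *)&peer, &plen)) < 0) continue;
        getsockname(c, (struct sockaddr *)&local, &llen);   /* which port was hit */
        inet_ntop(AF_INET, &peer.sin_addr, ip, sizeof ip);
        fprintf(out, "%ld tripwire port=%u src=%s:%u\n", (long)time(NULL),
                (unsigned)ntohs(local.sin_port), ip, (unsigned)ntohs(peer.sin_port));
        close(c);   /* nothing is read from or sent to the peer */
        hits++;
    }
    return hits;    /* number of connections logged in this pass */
}

int main(void) {
    int fds[3], i, ports[] = {2323, 6969, 12345};   /* constructed sample ports */
    for (i = 0; i < 3; i++)
        if ((fds[i] = open_listener("0.0.0.0", ports[i])) < 0) return 1;
    for (;;) { log_hits(fds, 3, -1, stdout); fflush(stdout); }
}
```

Since no real service lives on these ports, any line in the output is an unsolicited connection worth a look; run it unprivileged inside the jail and ship the log off-host.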