[Dshield] I'm FINALLY going to set up a honeypot - could use some input.
lists at webcrunchers.com
Wed Mar 10 23:27:01 GMT 2004
I FINALLY acquired a machine and connectivity to set up a PC WinBlows
and a large selection of IP blocks I can stick it on.
One of my first ideas is to deliberately infect it, and sniff the
watch what kinds of traffic flies over the net, and hope to acquire
information to learn about the protocols of the TCP/IP and UDP
the infected machine what whoever or whatever tries to control it.
Has anyone on this list done this yet? Can a well-configured sniffer
information to learn and obtain a Snort attack signature which can
I also heard it's possible to detect the 'knock knock' protocol now in
use by some spam trojans. These are specially crafted pings that in
effect can "wake up" sleeping trojans previously undetectable by
scanning software. I'm just learning of the new Snort features that
might make this possible.
If anyone wants to share info with me, please contact me...