[Dshield] Server

Chris Wright dshield at yaps4u.net
Sat Aug 20 01:18:54 GMT 2005


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Glenn Jarvis
> Sent: Saturday, August 20, 2005 2:11 AM
> To: list at lists.dshield.org
> Subject: Re: [Dshield] Server
> >
> >
> >Of the three IP address conducting this scan, one is from the Sprint 
> >network out of REDMOND, WA.
> >
> >Maybe you've been crawled by one of Microsoft's HoneyMonkeys...
> >
> Forgive me Mikel, I'm nowhere near as knowledgable as you 
> folks. I'm not entirely sure what a HoneyMonkey is....


A "Honeypot" is a machine (could be a machine) that you set up with no
firewall, or a mailsever as an open relay that you 'hope' someone finds and
starts to abuse.  You then trace and track the abuser that way.

It could be a webpage with an email address on it that you hope spammers
will find and then you can find them that way...


A HoneyMonkey is an active process... It's a process that actively goes out
to the big wide web and looks for problems whether it be vulnerable
machines, or machines that are performing actions that they shouldn't.

There was some talk in earlier posts about MS setting up some HoneyMonkeys
(boy it is getting late here, I actually typed MoneyHonkeys and nearly sent
that !!).
The Microsoft project is called Strider and you can read about it here:



More information about the list mailing list