That sounds interesting, although it might not work too well at WPI. I think the bester box would go nuts next time it randomly scanned my computer for vulnerabilities.

On Fri, Oct 3, 2008 at 3:22 AM, Jeff Kinz <jkinz@kinz.org> wrote:
Eric - one way to stop the attacks is to let them in....
Time for a honeypot! IIRC a very simple C program can keep these guys occupied for hours..
Suggestion - move your ssh access port, and run THP
Tiny Honeypot Quote:
Wouldn't it be nice if every single unsolicited connection attempt tied up the attacker who launched it by appearing to actually work, all the while providing a little insight into their motives and intents? thp appears to listen on all ports otherwise not in legitimate use, providing a series of phony responses to attacker commands. Some are very simple, others are somewhat more interactive. The goal isn't to fool a skilled, determined attacker...merely to cloud the playing field with tens of thousands of fake services, all without causing unreasonable stress on the thp host.
* Changelog: http://www.alpinista.org/files/thp/thp-0.4.4/CHANGELOG
* Download: http://www.l0t3k.net/tools/Honeypot/thp-0.4.6.tar.gz
* Home: http://www.alpinista.org/
* License: GNU General Public License
* MD5SUM: 227ef8a3cedb49a1c634298f71a5832b
* Platform(s): Linux
--
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
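An added example, not part of the original messages and not thp's code: a minimal listener that ties up unsolicited SSH clients and logs how long each one stayed. It uses a different technique from thp's phony services, the SSH pre-banner allowance in RFC 4253 section 4.2; the port 2222 and the names `filler_line`, `tarpit` and `serve` are assumptions made for illustration.

```python
import json
import random
import socket
import threading
import time


def filler_line(rng=random):
    # RFC 4253 section 4.2: before its version string a server may send other
    # lines, provided none begins with "SSH-". Hex digits can never spell that.
    return b"%x\r\n" % rng.getrandbits(32)


def tarpit(conn, peer, delay=10.0, max_lines=None, log=print):
    """Drip pre-banner lines to one client; return a record of the session."""
    start = time.monotonic()
    sent = 0
    try:
        while max_lines is None or sent < max_lines:
            conn.sendall(filler_line())
            sent += 1
            time.sleep(delay)
    except OSError:
        pass  # client gave up or reset the connection
    finally:
        conn.close()
    record = {"peer": peer[0], "port": peer[1], "lines_sent": sent,
              "held_seconds": round(time.monotonic() - start, 1)}
    log(json.dumps(record))
    return record


def serve(host="0.0.0.0", port=2222, delay=10.0):
    # One thread per client is enough for a demo; each costs a sleeping thread.
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=tarpit, args=(conn, peer, delay),
                             daemon=True).start()


if __name__ == "__main__":
    serve()
```

Each JSON log line gives the source address and the time the client was held, which is the "little insight" side of the idea; the real sshd is assumed to listen on a different port.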