that sounds interesting. although it might not work too well at WPI. i think the bester box would go nuts next time it randomly scanned my computer for vulnerabilities.

On Fri, Oct 3, 2008 at 3:22 AM, Jeff Kinz <jkinz@kinz.org> wrote:
Eric - one way to stop the attacks is to let them in....

Time for a honeypot! IIRC a very simple C program can keep these
guys occupied for hours..

Suggestion - move your ssh access port, and run THP

Tiny Honeypot
Quote:

Wouldn't it be nice if every single unsolicited connection
attempt tied up the attacker who launched it by appearing to
actually work, all the while providing a little insight into
their motives and intents? thp appears to listen on all ports
otherwise not in legitimate use, providing a series of phony
responses to attacker commands. Some are very simple, others are
somewhat more interactive. The goal isn't to fool a skilled,
determined attacker...merely to cloud the playing field with tens
of thousands of fake services, all without causing unreasonable
stress on the thp host.


   *   Changelog:
http://www.alpinista.org/files/thp/thp-0.4.4/CHANGELOG
   * Download:
http://www.l0t3k.net/tools/Honeypot/thp-0.4.6.tar.gz
   * Home: http://www.alpinista.org/
   * License: GNU General Public License
   * MD5SUM: 227ef8a3cedb49a1c634298f71a5832b
   * Platform(s): Linux





--
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug