From: Hornat, Charles (Charles_Hornat_at_standardandpoors.com)
Date: Mon Jul 29 2002 - 08:45:03 CDT
I have a full honeynet that I run for Securitywriters.org. We have Windows 2000 servers running Exchange, Terminal Services, etc. We have Linux Redhat 6 and 7 and a Solaris box in there as well. So far to date, I have to agree, the boxes that are hardened have yet to be successfully taken. They have had some silly exploits like ftp directories created and such, but nothing really worthwhile. It seems that unless you have a common exploitable hole, or you just misconfigured a service, you probably don't have a lot to worry about unless you are targeted.
The boxes that have not been patched get run over with simple script attacks over and over and provide no real value.
Charles
-----Original Message-----
From: secadmin fsmail.net [mailto:secadmin fsmail.net]
Sent: Saturday, July 27, 2002 6:59 PM
To: honeypots securityfocus.com
Subject: Honeypots vs Penetration testing
Hello There,
I have had my little honeypot set up for 8 months now using RedHat 6.2, and during the first couple of months it was attacked and compromised a few times ("COOL"), but since installing RedHat 7, which is fully patched, it wasn't compromised even once; the only thing it detected was some scans, which happen every time.
So, I guess by hardening an OS, a honeypot loses its greatest value, which is learning, since there are no break-ins, and attempts to compromise it decrease, as I saw in the last few months.
My question is: did anyone try to harden their boxes and were able to detect new kinds of attacks? As a pen tester I couldn't find any new info on new trends of attacks that would help me in my field, just the same old exploits and tactics.
Cheers, Sam