From: Alan (alan_at_ufies.org)
Date: Sun Sep 15 2002 - 21:01:59 CDT
On Wed, Sep 11, 2002 at 09:33:04PM -0500, creiningpacketfu.org wrote:
> Hi all.
> I was wondering what others on this list have done to social engineer a
> honeypot box before deployment. By social engineer, I mean creating the
> look and feel of a box that has been in production for some matter of
> time. Multiple user accounts, files in /home/$user/, logs, etc. Of
> course, it would make sense to pick random MAC and creation values in
> case an attacker looks at long file output or stat. I was wondering if
> anyone does this pre-deployment, and if so, how and what?
I realize I'm pretty new to all this, but it would seem to me that a
good way of simulating a "real" box (in addition to the suggestions for
creating random logins/activity mentioned earlier) would be to actually
use data or some data from a real box. Maybe mirror a "real" server,
install the honeyd or whatever monitoring software on it / between it
and the 'net, and let people go at it. This way you have all the logs,
and userfiles that comprise a real working system.
Of course, you'd have to remove any sensitive user files, and I don't
know how dangerous it would be to leave real logs on...
--
Alan "Arcterex" <alanufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I think I preferred the cows. They were better conversation, easier to milk, and if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
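The question raised above about leaving real logs on a mirrored honeypot can be addressed by pseudonymizing them before deployment. The sketch below is an added example, not part of the original message: it rewrites IP addresses, usernames and the hostname consistently, so the logs keep their structure without exposing real values. The class name, key, decoy hostname and sample log lines are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DECOY_NET = ipaddress.ip_network("198.51.100.0/24")  # RFC 5737 documentation range

# Constructed sample lines (not taken from any real system).
SAMPLE = [
    "Sep 15 21:01:59 mailhost sshd[4121]: Accepted password for alice from 10.1.2.3 port 4022 ssh2",
    "Sep 15 21:04:10 mailhost sshd[4130]: Failed password for bob from 10.1.2.3 port 4100 ssh2",
]

class LogScrubber:
    """Consistently pseudonymize IPs, usernames and the hostname in syslog-style lines."""

    def __init__(self, key, real_users, real_host, decoy_host):
        self.key = key  # secret kept off the honeypot; makes the mapping non-guessable
        self.host_re = re.compile(r"\b" + re.escape(real_host) + r"\b")
        self.decoy_host = decoy_host
        self.user_re = re.compile(r"\b(" + "|".join(map(re.escape, real_users)) + r")\b")

    def _digest(self, value):
        return hmac.new(self.key, value.encode(), hashlib.sha256).digest()

    def _ip(self, match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # looked like an address but is not one (e.g. 999.1.1.1)
        if addr.is_loopback:
            return text
        # Same real address always maps to the same decoy host number (1..254);
        # distinct addresses may collide, which is acceptable for decoy data.
        host = 1 + self._digest(text)[0] % 254
        return str(DECOY_NET.network_address + host)

    def _user(self, match):
        return "user" + self._digest(match.group(0)).hex()[:4]

    def scrub(self, line):
        line = IPV4_RE.sub(self._ip, line)
        line = self.host_re.sub(self.decoy_host, line)
        return self.user_re.sub(self._user, line)

if __name__ == "__main__":
    scrubber = LogScrubber(b"constructed-key", ["alice", "bob"], "mailhost", "web01")
    print(*map(scrubber.scrub, SAMPLE), sep="\n")
```

Free-text fields (command arguments, mail subjects, URLs) can still carry sensitive values that these patterns do not cover, so scrubbed logs should be reviewed before they are placed on the honeypot.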