OSEC

 
From: Alan (alan_at_ufies.org)
Date: Sun Sep 15 2002 - 21:01:59 CDT


    On Wed, Sep 11, 2002 at 09:33:04PM -0500, creining_at_packetfu.org wrote:
    > Hi all.
    > I was wondering what others on this list have done to social engineer a
    > honeypot box before deployment. By social engineer, I mean creating the
    > look and feel of a box that has been in production for some matter of
    > time. Multiple user accounts, files in /home/$user/, logs, etc. Of
    > course, it would make sense to pick random MAC and creation values in
    > case an attacker looks at long file output or stat. I was wondering if
    > anyone does this pre-deployment, and if so, how and what?

    <delurk>
    I realize I'm pretty new to all this, but it would seem to me that a
    good way of simulating a "real" box (in addition to the suggestions for
    creating random logins/activity mentioned earlier) would be to actually
    use data or some data from a real box. Maybe mirror a "real" server,
    install the honeyd or whatever monitoring software on it / between it
    and the 'net, and let people go at it. This way you have all the logs,
    and userfiles that comprise a real working system.

    Of course, you'd have to remove any sensitive user files, and I don't
    know how dangerous it would be to leave real logs on...

    </delurk>

    -- 
    Alan "Arcterex" <alan_at_ufies.org>   -=][=-   http://arcterex.net
    "I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
    think I preferred the cows. They were better conversation, easier to milk, and
    if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
    

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD4DBQE9hTuXXi0GrvpeI94RAlAJAJ4qncw9aj1ljXuMHBtGUsocq+zeiACYwf5Z
    h+o/SGBWKoEPoRDXcgIIAg==
    =4WNb
    -----END PGP SIGNATURE-----
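The two ideas in this exchange, seeding a honeypot with accounts and home files whose timestamps do not all point at deployment day, and scrubbing a tree mirrored from a real box before it goes live, can both be scripted. The block below is an added example written for this archive page, not code from either poster. The user names, dotfile contents and the secret patterns it greps for are all made up; it stages everything under a scratch directory rather than a live /home, and it does not attempt fake logs.

```python
"""Stage a 'lived-in' honeypot filesystem: fake accounts, home files,
backdated timestamps, and a scrub check for secrets left in copied data.
Added example for this thread; user names and file contents are invented."""
import os
import random
import re
import tempfile
import time
from pathlib import Path

# Constructed sample accounts and dotfiles (hypothetical, not from the thread).
FAKE_USERS = ["jmiller", "sk", "webadm", "tlopez"]
FAKE_FILES = {
    ".bash_history": "ls -la\ncd src\nmake\nvi Makefile\ntail -f /var/log/messages\n",
    ".profile": "umask 022\nexport PATH=$PATH:$HOME/bin\n",
    "notes.txt": "TODO: swap the backup tapes on friday\n",
}

# Things a tree mirrored from a production box must not carry onto the honeypot.
SENSITIVE = [
    ("private-key", re.compile(r"-----BEGIN (RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("crypt-hash", re.compile(r"^\w+:\$[0-9a-z]+\$", re.M)),   # /etc/shadow style lines
    ("password-literal", re.compile(r"(?i)passw(or)?d\s*[=:]")),
]


def build_fake_homes(root, users=FAKE_USERS, days_old=400, seed=None):
    """Create home/<user> trees under `root`, each file carrying a random
    atime/mtime from a window reaching `days_old` days back.
    Returns [(path, mtime_set), ...] so the caller can verify the result."""
    rng = random.Random(seed)
    now = time.time()
    created = []
    for user in users:
        home = Path(root) / "home" / user
        home.mkdir(parents=True, exist_ok=True)
        # Each account "arrived" at a different point in the past ...
        joined = now - rng.uniform(30, days_old) * 86400
        for name, body in FAKE_FILES.items():
            path = home / name
            path.write_text(body)
            # ... its files were last written somewhere between then and an
            # hour ago, and read some time after they were written.
            mtime = rng.uniform(joined, now - 3600)
            atime = rng.uniform(mtime, now - 60)
            os.utime(path, (atime, mtime))
            created.append((str(path), mtime))
        # Set the directory last: writing the files above bumped its mtime.
        os.utime(home, (joined + 60, joined))
    return created


def verify_on_disk(created):
    """True if every file's on-disk mtime is the one we set (within 1 s)."""
    return all(abs(os.stat(p).st_mtime - m) < 1 for p, m in created)


def timestamp_spread(created):
    """(youngest, oldest) file age in days: the window `ls -l` will show."""
    now = time.time()
    ages = [(now - m) / 86400 for _, m in created]
    return min(ages), max(ages)


def find_sensitive(root):
    """Walk a tree copied from a real box and list files that still hold secrets."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue
            for label, pattern in SENSITIVE:
                if pattern.search(text):
                    hits.append((str(path), label))
                    break
    return sorted(hits)


def build_demo(seed=1):
    """Build the staged tree in a fresh temporary directory; returns (root, created)."""
    root = tempfile.mkdtemp(prefix="honeypot-stage-")
    return root, build_fake_homes(root, seed=seed)


if __name__ == "__main__":
    root, created = build_demo()
    print("staged under", root, "ok" if verify_on_disk(created) else "MISMATCH")
    print("file ages span %.0f .. %.0f days" % timestamp_spread(created))
    print("secrets found:", find_sensitive(root) or "none")
```

One caveat the original question's "creation values" runs into: os.utime (like touch) sets only atime and mtime. Linux updates ctime to the real current time on every such change and offers no userland call to set it, so `stat` on the staged files still betrays the day the tree was built. The usual workarounds are to wind the system clock back while populating, or to edit the inodes offline with a filesystem debugger. The scrub check is a starting point only; run it on a mirrored tree before anything else, and extend SENSITIVE with whatever your own environment leaks (SSH known_hosts, .netrc, database credentials in config files).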