Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: thomas r stromberg (tstrombergrtci.com)
Date: Mon Mar 19 2001 - 15:32:40 CST
On 19-Mar-2001, shawn . moyer popped this into my mailspool:
> James Hoagland wrote:
> > If you like that idea, you might want to check out the Deception
> > Toolkit, originally developed a few years ago:
> > http://www.all.net/dtk/
> > Haven't played with it myself, but I heard Fred Cohen talk about it
> > last week at UC Davis.
> DTK is still cool, but it hasn't been very actively maintained for
> awhile. I do some similar stuff with netcat and fake banners (i.e. nc -l
> < banner.txt) to create dummy services and other fun stuff. So far,
> though, redirecting stuff to chargen has been the most fun, just to
> watch someone hit that port and be completely baffled.
I have even more fun now.. I setup virtual IP's on my snort box that
appear to have a 'loaded' inetd setup, which any packet to gets
logged into snort. Each service is actually an inetd entry pointing
to a tiny C program I wrote this weekend:
That basically sends some format attacks, flash2.c (you remember
that IRC attack), and a bunch of beeps.. just to annoy the attacker.
To be nice, it will only run for 10 minutes, and sets it's 'nice'
priority to 20. It will just pump out data from inetd, and like
chargen: a lot of it. If your wondering about the line after the
flash/beeps, it's the keyboard layout in dvorak :)
For humor, try LeechFTP or PuTTY against it.
For extra humor, I also set this on our entire network:
rdr fxp0 0.0.0.0/0 port 111 -> <angelfish ip> port 111 tcp/udp
rdr fxp0 0.0.0.0/0 port 135 -> <angelfish ip> port 135 tcp/udp
rdr fxp0 0.0.0.0/0 port 139 -> <angelfish ip> port 139 tcp/udp
(disclaimer: I'm not a C programmer. Only tested in FreeBSD)
-- thomas r. stromberg work: tstrombergrtci.com research triangle commerce (icc.net) home: thomasstromberg.org "I believe because it is absurd" -- Tertullian.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org
iD8DBQE6tnr3r345RqTSlmIRAnaBAKCONhHRFpMyWmymi7Hh7Rzcb8vDGgCfRATu BpdATlbOc4uugkOC9MeHVkk= =OG9H -----END PGP SIGNATURE-----
_______________________________________________ Snort-users mailing list Snort-userslists.sourceforge.net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users