[ale] Honeypots

Stephen Turner artic_knight at yahoo.com
Mon Apr 28 18:45:58 EDT 2003


--- "James P. Kinney III" <jkinney at localnetsolutions.com> wrote:
> Bear in mind that the purpose of a honeypot is to collect attack
> profiles. If you want to be aware of when someone is tampering with your
> systems, you want to use an intrusion detection system. Those do not
> (yet) have the legal implications that a honeypot has.


yea ive heard great things about snort and trip wire and neat trix you can
do with snort too, like just sending the packets out on the network (to a
bogus ip) and having a invisible computer one that doesnt have an ip or
anything just a nic (unconfigured) connected to the network running snort,
supposedly this makes a sniffer that practically cant be hacked! im sure
theres a way but it makes it REALLY hard when you cant see, find, or
identify the computer that is sniffing these log packets over the network
;) easy hiding for a log dont you say? it was in a linux magazine, not
sure which one or the issue :( really cool articles tho! one about ghost
loggers the other about snort on a ghost logger! cool stuff.

going back to my new honey pot interest, i was going to use it for
security learning reasons, like watching how hackers behave and the
tactics they use, and maybe even trying to secure a server but leave it in
the open and see if it ever gets hacked and try to repair it ;) ya know,
tinkering stuff. plus it would make for interesting conversation to geek
friends! but first i need a bunch of cheep computers that have low power
consumption, hmmm... maybe some crusoe computers?

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list