Re: [ANNOUNCE] protocol watcher

Jerry Shenk wrote:

>
> Is it possible to get LaBrea to use unused ports on a single IP address. I

This reminds me of an interesting article on setting up a cheap and cheerful honeypot using a couple of simple shell scripts and netcat which may or may not be of use to the original poster...?

http://www.securityhorizon.com/whitepapers/technical/honeypot.html

In a nutshell, the scripts start netcat processes listening on various significant ports. An elegant solution showing the power of netcat... I'm sure I saw a more detailed article along the same lines on another site, but of course I can't locate the URL now.

Netcat will only log TCP or UDP connections. For ICMP and other more unusual IP protocols you'll need a full-blown firewall.

cheers,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

\a

> -----Original Message-----

>>I emailed the list previously asking if anyone knew of a way to
>>automatically accept and log all connections to a computer.  My thanks
>>to all that replied; unfortunately, I was unable to find exactly what I
>>wanted.  Since then, it occurred to me that this piece of software would
>>not be hard to write, so, three attempts later, it is written.

The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd. Any prices quoted are only valid if followed up by a formal written quote. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723410.