Re: Honeypot detection and countermeasures

From: Acl Proxy <aclproxy(at)yahoo.com>
Date: Thu Jun 19 2003 - 15:03:18 EDT
In-Reply-To: <20030617150317.F11919@red4est.com>

So far in every pen test I've conducted most of the addressing information was known up front. So if I ran into a honeypot or honeynet, it was just part of the overall equation. The clients were interested in what I could hack into and what vulnerabilities were present and needed to be closed. They weren't interested in paying me or my company $$ to waste time on whether I could evade a honeypot or not. It wasn't a test of my abilities, but of their security posture at that moment in time.

And always remember, the only dumb question is the one you don't ask. How are you ever going to learn without reading, trying and asking questions?

>Date: Tue, 17 Jun 2003 15:03:17 -0700
>preventing honeypots from being detected. I'd greatly appreciate some feedback
>from pen-testers on the following issues:
>existence of honeypots, and their location, so that it is an easy matter to avoid them?
>to see if the system under attack is a honeypot or a production machine?

Received on Thu Jun 19 22:55:16 2003
