Pantek Library

RE: Honeypot detection and countermeasures

From: Michael Boman <michael.boman(at)securecirt.com>
Date: Tue Jun 24 2003 - 10:02:51 EDT

On Tue, 2003-06-24 at 21:48, Rob Shein wrote:
> First off, I still maintain that watching the attack will NOT tell you which

Didn't expect my reply heating up the thread so much, but I feel like I need to put more wood on the fire:

If a honeypot / honeynet can't get the tools used, how come every single "research" honeypot dump I've seen so far has a collection of tools that have been used? Because the attacker put them there, of course! If you need a springboard into a network (happens to me more often than you think) you need to put at least a small collection of tools on the server. Now, what if those tools were copied somewhere else?

Of course, if you get yourself a talk-the-talk PT guy/company, all the tools can already be found on the net. But there are PR guys/companies that have a collection of lesser known/unknown tools. From my point of view the only difference between a good guy/company (PT vendor) and a bad guy (script kiddie, 'leet hacker) is the good guy asks for permission and gives a report, while you will never hear from the bad guy.

When it comes to PT companies, the in-house/limited exposure tools would be counted as trade secrets and intellectual property (for a limited time, until they hit pen-test/bugtraq). But nevertheless the tools are what separate them from the rest.

Seriously, would you pay big bucks for someone to run Nessus against the systems when you can just DIY such a test yourself?


Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com

Received on Tue Jun 24 11:48:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:38 EDT

