RE: SV: Honeypot detection and countermeasures

From: Lampe, John W. <JWLAMPE(at)GAPAC.com>
Date: Tue Jun 24 2003 - 12:20:42 EDT


If you lump LaBrea in with these honeypots (and I don't see why you wouldn't), then the check is trivial (in fact, NESSUS can optionally check for the existence of LaBrea prior to launching nmap...that's nice).

Some of the pricey honeypots (hi ManTrap) are trivial as well.

And, when you've found some anomalous box on the network, it's always nifty to run a blackbox IP ID scanner against it (i.e. if the machine uses simple incrementing IP IDs, then record the ID every minute for a couple of days, then check back to see when the box traffic peaks...you might not find a honeypot, but you'll find lots of those reverse proxy / vpn thingees).

> -----Original Message-----
> From: dave@immunitysec.com [mailto:dave@immunitysec.com]
> Sent: Tuesday, June 24, 2003 10:45 AM
> To: pen-test@securityfocus.com




Received on Tue Jun 24 13:30:59 2003
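
Added example, not part of the original post: the bookkeeping behind the IP ID check described in the message above, run over constructed samples to show what a simple incrementing counter leaks about a host's traffic volume. It assumes one global counter that increases by one per packet sent; the function names and sample values are made up for illustration.

```python
# Added illustration. SAMPLES is constructed data, not a real capture:
# (minutes since start, IP ID seen in the reply to a single probe).
SAMPLES = [
    (0, 65100), (1, 65130), (2, 65161), (3, 65500),
    (4, 420), (5, 1900), (6, 1935), (7, 1966),
]

IPID_MODULUS = 1 << 16  # the IPv4 Identification field is 16 bits wide


def packets_between(samples, own_replies=1):
    """Estimate packets the host sent to other peers between probes.

    Assumption: a single global counter incremented by 1 per packet sent.
    Each probe reply uses `own_replies` IDs itself, so that is subtracted.
    The counter wraps at 65536, so more than 65535 packets in one interval
    cannot be told apart from fewer: every estimate is a lower bound.
    """
    out = []
    for (t0, id0), (t1, id1) in zip(samples, samples[1:]):
        delta = (id1 - id0) % IPID_MODULUS  # correct across the 16-bit wrap
        out.append((t0, t1, max(delta - own_replies, 0)))
    return out


def peak_interval(samples, own_replies=1):
    """Return the (start, end, estimate) tuple with the highest estimate."""
    return max(packets_between(samples, own_replies), key=lambda r: r[2])


if __name__ == "__main__":
    for start, end, sent in packets_between(SAMPLES):
        print(f"minute {start}-{end}: ~{sent} packets to other peers")
    print("busiest interval:", peak_interval(SAMPLES))
```

A host that randomizes IP IDs or keeps a separate counter per destination produces deltas that carry no such signal.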

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:38 EDT