Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 060891.html (Request Expert securityfocus.com Support)

RE: Honeypot detection and countermeasures

From: Bojan Zdrnja <Bojan.Zdrnja(at)LSS.hr>
Date: Wed Jun 25 2003 - 00:54:49 EDT

> -----Original Message-----

I had to comment on this ...

Keep in mind that tools aren't everything as well!

*Anyone* can probably run Nessus or ISS against your host, but can everyone read it's results? Can everyone point possible weaknesses in your security? _Of course not_, and that's why you hire external penetration testers who have experts for those fields.

Regarding honeypots - as Lance said, there are many, many types of honeypots. Some are really easy to get into, while the other aren't.

Regarding this thread, it's obvious that you can't get tools by only watching network traffic, but there are million other possibilities to deploy honeypots, which *can* get tools you need.

I had a honeypot which had 2 network cards. One was connected to the Internet and the other one was connected to something what looked like a hardened server in a special DMZ. Now, after honeypot was compromised, attacker obviously wanted to get to that other server and he had to upload his tools to honeypot.

Do you need help?X

This is just one example of possible deployment. YMMV.

Best regards,

Bojan Zdrnja


Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980

Received on Wed Jun 25 12:36:33 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:38 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library