1. Listen with an apparently vulnerable service on a standard port that's actually a dumb banner server 2. Ignore any exploit attempts and let skiddies keep retrying ad infinitum 3. ???? 4. PROFIT!
Kind of like la brea but instead of a TCP tar pit send a response that look like a sucessful exploit but is a pre-crafted packet. Head meets brick wall. Repeat. Jim On 21/10/2009, Adrian Crenshaw <[email protected]> wrote: > Oh, I just thought of another one, when they attempt to hack your site and > fail, have clippy pop up and offer advice. I implemented that on my site > awhile back just for kicks and to learn about PHP-IDS: > > http://www.irongeek.com/i.php?page=%27%20or%201=1%20-- > > Adrian > > > > On Tue, Oct 20, 2009 at 9:34 PM, John Strand <[email protected]> wrote: > >> Dear god..... >> >> Go with it. >> >> john >> >> On Wed, Oct 21, 2009 at 5:55 AM, Adrian Crenshaw >> <[email protected]>wrote: >> >>> I'm wanting to go to Shmoocon next year, but the only way I can see to >>> afford it is to be a speaker. That, and being able to get ticks can be >>> tough. I've submitted some talks a few months ago, but I just submitted >>> this >>> one today, let me know if you have ideas to add: >>> >>> Title/Abstract/Details: >>> Funnypots and Skiddy Baiting >>> Ever wanted to screw with those that screw with you? Honeypots might be >>> ok >>> for research, but they don’t allow you to have fun at an attacker’s >>> expense >>> the same way funnypot and skiddy baiting does. In this talk I’ll be >>> covering >>> techniques you can use to scar the psyche or to have fun at the expense >>> of >>> attackers or people invading your privacy. Some of the topics to be >>> covered >>> are: >>> Fun with DNS and Loopback >>> SWATing for Packets >>> Lemonwipe your drive >>> Robots.txt trolling >>> And more… >>> >>> More details: >>> “Fun with DNS and Loopback” is about making people attack their own host, >>> but doing it in a way that is less obvious than telling them “my IP is >>> 127.0.0.1”. >>> >>> “SWATing for Packets” is similar to the above, but you set the DNS entry >>> to point to an NSA/FBI/Whitehouse IP address. >>> >>> “Lemonwipe your drive” why wipe your drive with all zeros or random data >>> when you can have a million copies of lemon party for an examiner to >>> find. >>> >>> “Robots.txt trolling” go look at the one at irongeek.com, you will get >>> the idea. >>> >>> I hope to add more items as I think of them. >>> >>> Previously presented at: This would be the first time. >>> >>> Facilities: Power and a projector that accepts VGA input. >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > -- Sent from my mobile device _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
