honey porter, hurryporter...
On Sat, Oct 22, 2011 at 2:26 AM, Jim Halfpenny <[email protected]> wrote:
> And usually empty. I approve!
>
> On Friday, 21 October 2011, Ty Purcell <[email protected]> wrote:
> > Pooh.
> >
> > Pooh’s Hunny Pot was quite portable..
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of John Strand
> > Sent: Friday, October 21, 2011 11:06 AM
> > To: PaulDotCom Security Weekly Mailing List
> > Subject: Re: [Pauldotcom] portable honeyport tool waiting for a name
> >
> > Pooh
> >
> > Sent from my phone.
> >
> > On Oct 21, 2011 9:59 AM, "Tim Krabec" <[email protected]> wrote:
> >
> > In honor of Larry's Disney vacation I vote Pooh
> >
> > On Fri, Oct 21, 2011 at 11:16 AM, Jim Halfpenny <[email protected]> wrote:
> >
> > Portable Honey Pot or PHP for short... oh wait!
> >
> > On 21 October 2011 15:15, Ron Gula <[email protected]> wrote:
> >> HoneySpot ?
> >>
> >> Ron Gula
> >>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On Behalf Of Larry Pesce
> >> Sent: Friday, October 21, 2011 10:05 AM
> >> To: [email protected]
> >> Subject: Re: [Pauldotcom] portable honeyport tool waiting for a name
> >>
> >> A name?
> >>
> >> Portable. Honeypot.
> >>
> >> How about Portapotty?
> >>
> >> :-)
> >>
> >> - L
> >>
> >> On 10/16/11 12:18 PM, Chris Benedict wrote:
> >>> After listening to the pdc guys talk about "honeyports" on the pdc podcast I decided to run with the idea a bit further. I'm not sure if this has been done yet or not, but I've written a program in Ruby to implement honeyports with some extra features thrown into the mix. For info on honeyports check out john strand's tech segments on episodes 203 and 204 of the pdc podcast.
> >>>
> >>> You can use a raw tcp listener (netcat-style) to trigger blacklisting or you can write modules to emulate a ftp server or web server or whatever that can, for instance, give a banner and version info but blacklist on attempted logins. When a host trips one of the alarms it broadcasts a signed udp alert to all the other hosts on the lan so they can act on it also. Alerts can be handled by different modules too, so far I have only written a commandline module that simply executes a command with an ip address as an argument that you can use to insert an ip into a blacklist table in pf for instance. Something like a syslog or mysql module wouldn't be too difficult to write.
> >>>
> >>> As far as making it secure goes, it has some more work to be done. Broadcasted alerts are cryptographically signed and verified but I need to implement some stuff to prevent replay attacks and I need to add in whitelisting and thresholding to make it more difficult to use as a weapon against the user's own network.
> >>>
> >>> So, I've tried to make the code all very modular so its functionality can be tweaked or extended pretty well (the sky should be the limit). The end-goal is to come up with some code that you can drop onto every box on a lan that can run a ruby interpreter (jruby for instance). It would make the entire network go dark once an attacker starts grabbing banners or connecting to ports.
> >>>
> >>> This is going to be my first project to be released and it doesn't have a name yet. So, if anyone has any ideas for a name send them my way. Once I have it named I will put it in a public repo on github with a BSD license for anyone to get to and contribute.
> >>>
> >>> -Chris Benedict
> >>>
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> [email protected]
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
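Added example, not part of the thread and not Chris Benedict's code: a Ruby sketch of the signed-alert receiver the original message describes, including the replay protection and whitelisting it lists as still to be done. The HMAC-SHA256 pre-shared key, the `tag|json` datagram layout, the 30-second window and the class name AlertVerifier are assumptions; the thread does not say how the tool signs its alerts.

```ruby
require 'openssl'
require 'json'
require 'securerandom'
require 'set'

# Hypothetical alert format (not the tool's): "<hex tag>|<JSON body>".
# Assumption: every host on the LAN holds the same pre-shared HMAC key.
class AlertVerifier
  MAX_SKEW = 30 # seconds during which an alert is acceptable

  def initialize(key, whitelist: [])
    @key = key
    @whitelist = whitelist.to_set # hosts that must never be blacklisted
    @seen = {}                    # nonce => alert timestamp
  end

  # Sender side: offender IP, timestamp and nonce are covered by one tag.
  def self.sign(key, ip, now: Time.now.to_i)
    body = JSON.generate('ip' => ip, 'ts' => now, 'nonce' => SecureRandom.hex(16))
    "#{OpenSSL::HMAC.hexdigest('SHA256', key, body)}|#{body}"
  end

  # Receiver side: returns [:block, ip] or [:reject, reason].
  def check(datagram, now: Time.now.to_i)
    tag, body = datagram.split('|', 2)
    return [:reject, :malformed] unless tag && body
    expected = OpenSSL::HMAC.hexdigest('SHA256', @key, body)
    # Constant-time comparison; nothing is parsed before the tag verifies.
    return [:reject, :bad_signature] unless OpenSSL.secure_compare(tag, expected)
    msg = JSON.parse(body)
    # Freshness bounds how long a captured alert can be re-sent at all.
    return [:reject, :stale] if (now - msg['ts']).abs > MAX_SKEW
    # Nonces only need to be remembered while their alert is still fresh.
    @seen.delete_if { |_, ts| (now - ts).abs > MAX_SKEW }
    return [:reject, :replay] if @seen.key?(msg['nonce'])
    @seen[msg['nonce']] = msg['ts']
    # A valid signature proves origin, not that acting on it is safe:
    # the gateway, DNS server etc. stay reachable whatever peers report.
    return [:reject, :whitelisted] if @whitelist.include?(msg['ip'])
    [:block, msg['ip']]
  end
end

if __FILE__ == $PROGRAM_NAME
  demo = AlertVerifier.new('constructed-demo-key', whitelist: ['192.0.2.10'])
  alert = AlertVerifier.sign('constructed-demo-key', '198.51.100.7') # constructed sample
  p demo.check(alert), demo.check(alert) # second delivery of the same datagram
end
```

Thresholding, the third item on the original to-do list, is left out here; it would sit after the whitelist check and count distinct alerts per reported address before returning `:block`.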
