honey porter, hurryporter...


On Sat, Oct 22, 2011 at 2:26 AM, Jim Halfpenny <[email protected]> wrote:

> And usually empty. I approve!
>
>
> On Friday, 21 October 2011, Ty Purcell <[email protected]> wrote:
> > Pooh.
> >
> >
> >
> > Pooh’s Hunny Pot was quite portable..
> >
> >
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of John Strand
> > Sent: Friday, October 21, 2011 11:06 AM
> > To: PaulDotCom Security Weekly Mailing List
> > Subject: Re: [Pauldotcom] portable honeyport tool waiting for a name
> >
> >
> >
> > Pooh
> >
> > Sent from my phone.
> >
> > On Oct 21, 2011 9:59 AM, "Tim Krabec" <[email protected]> wrote:
> >
> > In honor of Larry's Disney vacation I vote Pooh
> >
> > On Fri, Oct 21, 2011 at 11:16 AM, Jim Halfpenny <[email protected]> wrote:
> >
> > Portable Honey Pot or PHP for short... oh wait!
> >
> > On 21 October 2011 15:15, Ron Gula <[email protected]> wrote:
> >> HoneySpot  ?
> >>
> >> Ron Gula
> >>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On Behalf Of Larry Pesce
> >> Sent: Friday, October 21, 2011 10:05 AM
> >> To: [email protected]
> >> Subject: Re: [Pauldotcom] portable honeyport tool waiting for a name
> >>
> >> A name?
> >>
> >> Portable.  Honeypot.
> >>
> >> How about Portapotty?
> >>
> >> :-)
> >>
> >> - L
> >>
> >> On 10/16/11 12:18 PM, Chris Benedict wrote:
> >>> After listening to the pdc guys talk about "honeyports" on the pdc podcast I decided to run with the idea a bit further.  I'm not sure if this has been done yet or not, but I've written a program in Ruby to implement honeyports with some extra features thrown into the mix.  For info on honeyports check out John Strand's tech segments on episodes 203 and 204 of the pdc podcast.
> >>>
> >>> You can use a raw TCP listener (netcat-style) to trigger blacklisting or you can write modules to emulate an FTP server or web server or whatever that can, for instance, give a banner and version info but blacklist on attempted logins.  When a host trips one of the alarms it broadcasts a signed UDP alert to all the other hosts on the LAN so they can act on it also.  Alerts can be handled by different modules too; so far I have only written a command-line module that simply executes a command with an IP address as an argument that you can use to insert an IP into a blacklist table in pf for instance.  Something like a syslog or MySQL module wouldn't be too difficult to write.
> >>>
> >>> As far as making it secure goes, it has some more work to be done.  Broadcasted alerts are cryptographically signed and verified but I need to implement some stuff to prevent replay attacks and I need to add in whitelisting and thresholding to make it more difficult to use as a weapon against the user's own network.
> >>>
> >>> So, I've tried to make the code all very modular so its functionality can be tweaked or extended pretty well (the sky should be the limit).  The end-goal is to come up with some code that you can drop onto every box on a LAN that can run a Ruby interpreter (JRuby for instance).  It would make the entire network go dark once an attacker starts grabbing banners or connecting to ports.
> >>>
> >>> This is going to be my first project to be released and it doesn't have a name yet.  So, if anyone has any ideas for a name send them my way.  Once I have it named I will put it in a public repo on GitHub with a BSD license for anyone to get to and contribute.
> >>>
> >>> -Chris Benedict
> >>>
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> [email protected]
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
>
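
The checks the original message lists as still to be done (replay prevention and whitelisting on top of signature verification) could look like the following. This is an added example, not code from the tool or its author; the HMAC-SHA256 shared key, the packet layout, the 30-second window and the `AlertVerifier` name are assumptions.

```ruby
require 'openssl'
require 'json'
require 'ipaddr'

# Added example: class name, packet layout and MAX_SKEW are assumptions,
# not taken from the tool discussed in the thread.
class AlertVerifier
  MAX_SKEW = 30 # seconds during which an alert is accepted

  def initialize(key, whitelist)
    @key = key
    @whitelist = whitelist.map { |net| IPAddr.new(net) }
    @seen = {} # nonce => alert timestamp, pruned once stale
  end

  # Sender side: JSON body, newline, hex HMAC-SHA256 over the body.
  def self.sign(key, ip, nonce, ts)
    body = JSON.generate('ip' => ip, 'nonce' => nonce, 'ts' => ts)
    "#{body}\n#{OpenSSL::HMAC.hexdigest('SHA256', key, body)}"
  end

  # Receiver side: returns :block only when every check passes.
  def check(packet, now = Time.now.to_i)
    body, tag = packet.split("\n", 2)
    return :malformed if body.nil? || tag.nil?
    expected = OpenSSL::HMAC.hexdigest('SHA256', @key, body)
    return :bad_signature unless OpenSSL.secure_compare(tag, expected)

    msg = JSON.parse(body)
    return :stale if (now - msg['ts']).abs > MAX_SKEW # old capture
    @seen.delete_if { |_, ts| (now - ts).abs > MAX_SKEW }
    return :replay if @seen.key?(msg['nonce']) # same alert seen twice
    @seen[msg['nonce']] = msg['ts']

    source = IPAddr.new(msg['ip'])
    return :whitelisted if @whitelist.any? { |net| net.include?(source) }
    :block
  end
end

# Constructed sample data: key, nonce and addresses are made up.
if __FILE__ == $PROGRAM_NAME
  key = 'constructed-demo-key'
  verifier = AlertVerifier.new(key, ['192.0.2.1/32'])
  alert = AlertVerifier.sign(key, '203.0.113.7', 'a1b2c3', Time.now.to_i)
  p verifier.check(alert) # first delivery
  p verifier.check(alert) # identical packet replayed
end
```

Because a nonce is only forgotten after its timestamp has left the acceptance window, a pruned alert that is replayed later is rejected as stale rather than accepted.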
