--- "Omar Koudsi" <[EMAIL PROTECTED]> wrote: >I found that the best way to learn other than reading and implementing, >at least for me, is the honeypot approach, put a machine on the net with >a permanent address and see what kind of attacks it faces and how can >you counter them. It will also allow you to figure out firewalls and
I personally do not recommend to anyone to implement a honeypot unless they already know what they are doing. By definition, you are inviting yourself to be compromised and unless you know what you are doing the cracker may be in posession of your machine for quite some time before you even realize it. This allows the cracker a box from which to crack other systems. Now, indirectly, you are aiding and abetting a cracker. If you go this route, please be ultra-paranoid. Detecting and containing a skillful cracker can be non trivial. And a skillful cracker is what you are after with this approach. There is little to be learned from watching your box getting owned by a script kiddie. If you want to understand the methods of script kiddies then get and use their tools yourself against your own boxes on an isolated network. And even this really doesn't help you much unless you read the code and understand what the 'sploit' is doing. Just my 2p. P.S. much appy polly loggies to all real software "crackers" out there for my use of the term. _____________________________________________________________ Visit these sites today Blink 182 Fan Site - www.blink182.co.nz NZ Skateboarding - www.nzskate.com
