Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fun Things To Do With Your Honeypot System

Posted by ryuzaki0 on from the more-than-just-keeping-bees dept.

An anonymous reader writes "Whitedust is running an interesting article on honeypots and their uses. From the article: 'Most papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves... Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network."" From the article: "Once an attacker has taken all the trouble to set up shop on your honeypot, he'll probably want to see what else there is to play with. If your honeypot is like most traditional honeypots, there's not much for an attacker to do once he gets in. What you really want if for the attacker to transfer down all the other toys in his arsenal so you can have a copy as well. Giving an attacker additional targets with various operating systems and services can help him decide to give you his toys. The targets can be real, but you'll get almost as much mileage if they're simulated. A good place to start is to put a phantom private network up hung off the back of the honeypot."

13 of 136 comments (clear)

  1. And a fun way to get free warze. by LWATCDR · · Score: 5, Interesting

    Just put on unpatched Win 98 box naked on the Internet and a wait. You will soon have a hard drive full of porn and warze.

    Actually it sounds like fun. Throw up VMWare and a few images and you could make an enter virtual network for a hacker to go nuts over.
    Add in a PDP-11 Emulator, some hacked NASA and Air Force sites, a fake database or two, some Word documents showing that the US has a secert base in the middle of the everglades.....
    could be fun.
    Sounds like a great Hacker DnD game. Get a bunch of people to set up these things and the game is too find out what the is going on. :)

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:And a fun way to get free warze. by Joe+U · · Score: 4, Insightful

      And if he corrects it to read:

      "Thou shall not use any programming language that works on only one OS. "

      Then it's a typographical error, most likely a soft-broken 'Y' key, and the joke falls apart. Making fun of someone with a broken keyboard is just mean. He might be on his way to CompUSA right now for all you know.

      Now, if he corrects it to read:

      "Thou shall not use a programming language that works on only one OS. "

      Then it's grammatical, and the joke will hold up. The world will be safe from poor grammar. You will have fulfilled your destiny. Crush the lesser races, conquer the galaxy, unimaginable power, unlimited rice pudding...Etcetera, etcetera...

      (or not)

    2. Re:And a fun way to get free warze. by Anonymous Coward · · Score: 4, Informative

      I'm surprised a /.'er would recommend VMware, with XEN the clear winner in the honeypot niche. Just check out The Potemkin Honeyfarm for more info... These guys are actually able to deploy an image is less than a second and do all sorts of whacky business to delude hackers into believing they're roaming the internet freely :-)

    3. Re:And a fun way to get free warze. by NormalVisual · · Score: 4, Funny

      That reminds me of a joke I heard years ago:

      A new Harvard freshman was lost and looking for the library. He approached what obviously was an upperclassman, and asked "Excuse me, could you please tell me where the library is at?" The upperclassman looked down his nose at the freshman, and replied, "My good sir, here at Harvard we do *not* end our sentences with a preposition." The freshman is a bit taken aback, and rephrases his question: "Okay, could you please tell me where the library is at, asshole?"

      There aren't too many grammar jokes out there, so I guess you have to take them as you can get them.

      --
      Please stand clear of the doors, por favor mantenganse alejado de las puertas
  2. Re:Think you missed the point... by heinousjay · · Score: 5, Funny

    Why don't you just secure your network and you don't have to worry about it

    Oh, is that all? Good to see you've boiled network security down to a single step. I'd say write a book, but it would only have one page so that's probably a waste of your time.

    --
    Slashdot - where whining about luck is the new way to make the world you want.
  3. a fake shell by Per+Wigren · · Score: 4, Funny
    Something funnier (IMHO) would be to write a simple wrapper over the shell which gives crazy error messages and other things:
    root@honeypot:~# whoami
    I have no idea.
    root@honeypot:~# ls
    PRESS PLAY ON TAPE
    root@honeypot:~#
    and so on... :)
    --
    My other account has a 3-digit UID.
  4. Most people.. by dubbreak · · Score: 5, Funny

    Most people use their honey pots for surfing the web, checking email and sometimes playing games.

    --
    "If you are going through hell, keep going." - Winston Churchill
  5. Risk to others by Anonymous Coward · · Score: 5, Insightful

    What if someone uses the trojans, etc. they install on your honeypot to launch an attack on some other site? Since your express purpose is to watch what they do, you can't claim ignorance.

    Are you liable for any damages?
    Are you causing problems for law enforcement or other sysadmins by helping the attacker obscure their identity?

    Seems like you would need to filter outbound traffic VERY carefully. It would be almost impossible to do this without the attacker knowing -- they'd realize it was a honeypot and get the hell out of there.

  6. Honey can lead to infant botulism by itismike · · Score: 5, Funny

    Sorry to do this, but I think that it is somewhat careless to assume that all new parents that might be reading Slashdot are in fact aware of the unique danger that honey presents to infants. Just in case someone comes across this and isn't aware, please look into the concerns related to infant botulism before getting the bright idea to feed your newborn some honey. Now go ahead and make the jokes - I just think that this needed to be said.

  7. Fun things to put on honeypots by Animats · · Score: 4, Funny
    • Call up a venture capitalist friend and ask for some rejected business plans for really stupid business ideas. Put them on your honeypot.
    • Get some publicly available geophysical data for real oil wells, and change all the locations to somewhere else with comparable geology but no oil.
    • Get some rejected porno images from people in the industry. Buy the reproduction rights. Put Digimarc watermarks on them. Wait for them to reappear elsewhere. Sue. Profit.
  8. Consider how this one looks to a visiting non-Geek by umbrellasd · · Score: 4, Funny
    "Fun Things To Do With Your Honeypot System"

    non-Geek: "Is this a sexual reference? I don't get it...are they talking about that weird cyber thing?"

  9. That was my experience in late-90s as well by billstewart · · Score: 4, Interesting
    I used to have a lab with a DSL like and a couple of quasi-honeypot machines on it. The Win95 (or was it Win98?) machine was never bothered; the RedHat 6 machine kept getting brutally attacked every week so after a few rebuilds I named it "kenny". Now, the Windows machine was partly not bothered because it wasn't doing anything interesting enough to be very vulnerable - there wasn't a web or FTP server, it wasn't sharing any disks or printers, I usually used Netscape browsers instead of IE, and if you did break in all you'd get for your trouble was a Windows machine. I had another Linux box on the network that was always running a scrolling tcpdump (AFAIK nobody ever bothered it - I had fewer services installed on it because it only had 500MB disk), and could see a variety of interesting traffic.
    • One week I saw it sending lots of pings to a university in Sweden. I checked with the admin there, who said it looked like my machine had been infected with Stacheldraht DDOS client and was reporting back to an infected machine at his site, and told me how to clean it up.
    • Another week the pings were to Washington University in St. Louis. I forget whether their machine had attacked mine or mine had attacked theirs, but either way it seemed appropriate since they'd probably used wuftpd to break in to my machine. Cleaned it up again.
    • Another week I did a "find" looking for something under root's home directory, and found a whole ~/.something directory I didn't recognize. I did an "ls", which couldn't find that directory - they'd replaced /bin/ls, but forgot to update the date stamp on the file, and also forgot to update the date stamp on /bin/ps. "ps" was hacked to not report the processes they were running from their hidden ~/.whatever directory - but "ls" wasn't hacked to hide things in /proc :-). So I cleaned up their semi-clever little rootkit.
    • After I cleaned up one of the latter two attacks, their next act was an "rm -rf /" on poor Kenny. Stupid thugs; at least they could have tried something interesting.
    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  10. It's all fun and games... by JustJake · · Score: 4, Insightful

    until someone uses your honeypot as a platform to attack someone else. Or were you thinking that bad guys never use machines under their control in this manner?

    Who are these security people with so much free time that they can monitor a honeynet for hours on end and create bogus traffic to move across it in order to entertain a bored 16-year-old hacker from who knows where? Every serious professional I know is up to his eyeballs in real work.