Date: Wed, 9 Aug 2000 11:35:50 -0700 (PDT)
From: David Daugherty <doc@wcug.wwu.edu>
To: Jon <jon@state.net>
Cc: questions@FreeBSD.ORG
Subject: Re: fake telnet
Message-ID: <Pine.LNX.3.96.1000809113051.12456A-100000@sloth>
In-Reply-To: <39919FDF.779F7BB4@state.net>

On Wed, 9 Aug 2000, Jon wrote:

> There are 'honey pot' servers available for luring people into your
> system, but think about a couple things:
>
> > Has anyone written a configurable fake telnet program? The idea I had was
> > to copy my own version of telnet over the installed ver. so that I could
> > see what these system crackers are attempting on my system. Right now I
> > have telnet and ftp turned off and having portsentry notify me when
> > someone tries to access these ports. I only have an @home connection and
>
> 1) Even though the servers I've seen look benign, what if they had an
> exploit, which would open up your system, and really make it
> exploitable...
>
> 2) Why do you want the extra bandwidth being used by these people,
> unless you have bandwidth to burn?

I'm considering writing my own fake telnet program so I can see what these
crackers are doing once they think they're getting in. With all of the usual
protections to keep them from exiting to a shell.

> > I'm wondering where all these crackers are finding my IP from.
>
> 3) The IP is probably found by people that understand what bridge group
> IP ranges or PPP pools are available for DSL or dialup connections.
> This isn't that hard, since many ISPs use host names that usually have
> ppp, dialup, 33k, 56k, dsl, or some other indicator. Once that is
> found, they usually scan that subnet for holes, because, unlike many
> people on this list (there's probably a couple black hatters, though ;),
> they have way too much time on their hands :-)

Running portsentry I don't get to see how they got to me. Through my IP, or
through my Cxxxxxx-A.myloc.cable.modem, or through my alias
mydomain.dhs.org. I'd like to be able to latch onto this and see how they're
getting to me.

David

Software Engineer - NetManage
Work email: david.daugherty@netmanage.com
Home email: doc@wcug.wwu.edu
ICQ 21106703
Washington State Resident

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
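
An added example, not part of the original message or of any FreeBSD tool: a low-interaction fake telnet listener of the kind discussed above, which records each login attempt and always refuses it, so no shell or command is ever reachable. The names `strip_telnet`, `fake_login`, `Handler`, `LOG`, the 30-second timeout and port 2323 are all assumptions made for this sketch.

```python
import socketserver
import time

IAC, SB, SE = 255, 250, 240   # Telnet command bytes (RFC 854)
LOG = []                      # in-memory record; write to a file in real use

def strip_telnet(data: bytes) -> bytes:
    """Remove Telnet option negotiation so only the typed text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif nxt == IAC:                       # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif nxt == SB:                        # subnegotiation runs to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:                                  # WILL/WONT/DO/DONT carry an option byte
            i += 3 if nxt is not None and 251 <= nxt <= 254 else 2
    return bytes(out)

def fake_login(conn, peer, local, log, attempts=3):
    """Prompt for credentials, record them, always refuse. Nothing is executed."""
    conn.settimeout(30)                        # idle sessions are dropped
    with conn, conn.makefile("rb") as rfile:
        try:
            for _ in range(attempts):
                creds = []
                for prompt in (b"login: ", b"Password: "):
                    conn.sendall(prompt)
                    line = rfile.readline(256)           # bounded read
                    if not line:
                        return                           # peer disconnected
                    creds.append(strip_telnet(line).decode("latin-1").strip("\r\n\x00"))
                log.append({"time": time.time(), "peer": peer, "local": local,
                            "user": creds[0], "password": creds[1]})
                conn.sendall(b"Login incorrect\r\n")
        except OSError:
            return                             # timeout or reset ends the session

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        fake_login(self.request, self.client_address[0],
                   self.request.getsockname()[0], LOG)  # local address that was hit

if __name__ == "__main__":  # 2323 is an assumed unprivileged port
    socketserver.ThreadingTCPServer(("0.0.0.0", 2323), Handler).serve_forever()
```

The `local` field shows which of the host's addresses received the connection, but Telnet carries no hostname, so the session itself cannot reveal whether the client started from the raw IP or from a DNS name. Print logged values with `repr()` so control characters sent by the client cannot alter the terminal or the log layout.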