From: Ronald Clark
To: 'Bsd Neophyte', freebsd-questions@freebsd.org
Subject: RE: script-kiddie trap?
Date: Wed, 28 Nov 2001 17:09:35 -0600

Sameer,

Actually, there was commercial software out, made by NAI, that was a part of the Cybercop line. It did just as you state: created a virtual honey pot network and logged everything. I just checked their website, and I'm afraid they stopped making this package.

Is there a "free" software package that does something similar? Not that I am aware of. Most honey pots now are just some machine loaded up with a basic OS install and set out to see *when* it gets scanned, attacked, and compromised.

Anyway, I hope this helps. If anyone can prove me wrong, please feel free to do so.

Thanks,
Ron Clark

-----Original Message-----
From: Bsd Neophyte [mailto:bsdneophyte@yahoo.com]
Sent: Wednesday, November 28, 2001 4:39 PM
To: freebsd-questions@freebsd.org
Subject: script-kiddie trap?

I remember something about a year or two ago. Someone designed some sort of application that acted as a pseudo-network that would trap a script-kiddie by giving them "access" to the network through something that would appear to be a hole caused by popular trojans. (long sentence, I know)

The false network was pretty convincing. While the intruder would poke around and cause mayhem, this tool would log everything about the person so that you could file a pretty convincing case against them.

Is there anything like this that's free... better yet, included in the ports?

-Sameer

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message