From owner-freebsd-chat Tue Feb 20 20:59:40 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from femail9.sdc1.sfba.home.com (femail9.sdc1.sfba.home.com [24.0.95.89])
	by hub.freebsd.org (Postfix) with ESMTP id D667C37B4EC
	for ; Tue, 20 Feb 2001 20:59:37 -0800 (PST)
	(envelope-from europax@home.com)
Received: from home.com ([24.12.186.185])
	by femail9.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121)
	with ESMTP id <20010221045937.PBUV13478.femail9.sdc1.sfba.home.com@home.com>;
	Tue, 20 Feb 2001 20:59:37 -0800
Message-ID: <3A934B3A.33E70781@home.com>
Date: Tue, 20 Feb 2001 20:59:38 -0800
From: Rob
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: David Kelly
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: mousetrap for port 111?
References: <200102210312.f1L3CVm06055@grumpy.dyndns.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sounds like fun! My notebook is only connected for a couple of hours
per night but ipflog is full of port 111 stuff. (and also the LPRng
port scans)

Rob.

David Kelly wrote:
>
> Getting tired of the probes on port 111. Anyone know of a "mousetrap" to
> fake being Sun RPC, complete with emulation of what the script kiddies
> are looking for?
>
> I wouldn't mind a protected sandbox for them to play in. Protected from
> everything else. Fake credit card files. Files tagged "SECRET". Etc.
> Recording everything they did. Something that could be used as evidence
> for prosecution. Thinking such could be called a "reverse kiddie
> script", or maybe just "mousetrap".
>
> Surfing /usr/ports finds security/fakebo seems to have the right idea.
>
> The FBI got a lot of flak for Carnivore, which actively sought its prey
> out of the herd. Maybe we talk them into Herbivore, which would wait for
> the hunter to come to it? If it wasn't for the pre-existing Carnivore
> name they could call this one "venus flytrap."
>
> --
> David Kelly N4HHE, dkelly@hiwaay.net
> =====================================================================
> The human mind ordinarily operates at only ten percent of its
> capacity -- the rest is overhead for the operating system.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-chat" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message