[ILUG] Detecting a port scan attempt on my machine->honey
lart at digital-entity.com
Tue Mar 6 19:29:47 GMT 2001
> you can use a secondary isolated machine(a cheap 486 like) like a Trojan
> Horse . and . redirect all packets from that unknown destination to that
> usual ports to this machine.
Kate:: Aren't such machines called "Honey pots" ?
Sorry ... about more then 5 years ago when I was working to build such a
system wasn't called in this way. but the idea is pretty close . but without
that word "Honey" in the name ... so long you are not interested in hunting
'small' hackers or worms or you are not an internet 'cop' ... and more work
on emulating the entire network using the same machine :)... and not just to
study the hacker's movements but to do actually some auto-adjustments for
the real system(even cut the route for that C class Ip) and alert you that
the countdown is started (now a phone ring or sms could help).
Anyway I ve found an article on the net( for those who need more info
and follow the links down to the bottom ... for more help.
More information about the ILUG