[ILUG] Detecting a port scan attempt on my machine->honey
Larry Lart
lart at digital-entity.com
Tue Mar 6 19:29:47 GMT 2001
> you can use a secondary isolated machine(a cheap 486 like) like a Trojan
> Horse . and . redirect all packets from that unknown destination to that
not
> usual ports to this machine.
Kate:: Aren't such machines called "Honey pots" ?
Sorry ... about more then 5 years ago when I was working to build such a
system wasn't called in this way. but the idea is pretty close . but without
that word "Honey" in the name ... so long you are not interested in hunting
'small' hackers or worms or you are not an internet 'cop' ... and more work
on emulating the entire network using the same machine :)... and not just to
study the hacker's movements but to do actually some auto-adjustments for
the real system(even cut the route for that C class Ip) and alert you that
the countdown is started (now a phone ring or sms could help).
Anyway I ve found an article on the net( for those who need more info
about).
http://saturn.spaceports.com/~smc/by-mrlink/honeypots-IDS.html
and follow the links down to the bottom ... for more help.
Larry Lart
More information about the ILUG
mailing list