Re: wanted: images of compromised systems
From: ty (ty_at_spamtraper.uk.org)
Date: 09/11/04
- Previous message: sirex: "Re: wanted: images of compromised systems"
- In reply to: sirex: "Re: wanted: images of compromised systems"
- Next in thread: Jose Maria Lopez Hernandez: "Re: wanted: images of compromised systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 11 Sep 2004 16:27:47 +0000
On Sat, 11 Sep 2004 15:13:06 +0100
"sirex" <junk@siology.net> wrote:
>
>
> "ty" <ty@spamtraper.uk.org> wrote in message
> news:eecb12-cu.ln1@redfox.00102345.dfhgjtyuk...
> > On Sat, 11 Sep 2004 11:44:43 +0100
> > "sirex" <junk@siology.net> wrote:
> >
> > >
> > > "Heikki Lamp_n" <heze@htklx2.htk.fi> wrote in message
> > > news:7Cs0d.2$Ej7.0@read3.inet.fi...
> > >
> > > > open ur ports and have fun. ull get plenty of unauthorized
> > > > access attempts....
> > >
> > >
> > > yeah, that's what I wanted to do via the honey pot, but I thought
> > > against it because where my computers are located it would be a
> > > security risk for others if I let malicious connection attempts
> > > through. I'd likely get into a lot of trouble :-)
> >
> > Not necessarily. I have my firewall/gateway direct all external
> > connection attempts coming in to another machine only for the
> > purpose of just monitoring, that same machine is not allowed to talk
> > back to the internet so it logs all connection attempts but never
> > replies. You can watch it all in real time with something like
> > Iptraf. It would of course be a simple matter to have a honeypot
> > enabled on that machine and only open ports you specifically want to
> > monitor for activity. As long as you have a second monitor, say, where
> > you can watch in real time what's going on, you can always pull its
> > plug at any time.
> >
> >
> > >
> > >
>
> hmmm, maybe. really I wanted systems from attackers too, you know ?
> not just looking at the victims, but also the other sorts of
> situations I might encounter. Whilst I know the techniques needed,
> there's nothing like real practice, but obviously, finding suitable
> systems that are not real life mission critical systems (or needed as
> court evidence) is tricky.
Well, you can attack yourself ;-). Set up a machine and try to hack it
yourself from yet another machine. There is a wealth of info on the net
on how to do this sort of thing and how to set up intrusion detection
etc. Everyone has their own way of doing it though, which software to
use etc. The good point of doing it this way is that you can learn a
lot about the subject with no real risk to yourself. Second-hand
hardware is so cheap these days, even an old 486 with 16 megs of RAM
will do.
>
> how do you practice something like this without faking the system
> yourself and thereby knowing what to look for ? -- I'd get a friend to
> do it and swap images with each other, but there's no substitute for
> the tricks a real criminal thinks up.
It is rather like the saying you need to be a crook to catch a crook ;-)
or at least to be able to try and think like one.
To practice, set up a honeypot on a machine and then from another machine
try to hack it; you will see exactly the sort of things you need to
learn and do and monitor. You can play with it, change the setup, try
all sorts of things.
If you are new to this sort of thing, it is the best way to learn, through
trial and error, and you will mess up; we all do. And to say again, there
is no risk to yourself or your machines because when you do mess up, just
wipe, re-install and off you go again.
UNDER NO circumstance set up this sort of thing and connect straight to
the internet unless you have practiced and know what you are doing and
feel confident about it.
>
>
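The gateway arrangement ty describes in the thread (send every inbound connection attempt to a monitoring machine that is never allowed to reply), sketched as an added example that is not part of the original post. The interface names, the sink address and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and the sink address
# are assumptions; adjust them to the gateway in question.
WAN_IF="${WAN_IF:-eth0}"            # internet-facing interface (assumed)
LAN_IF="${LAN_IF:-eth1}"            # trusted LAN interface (assumed)
SINK_IF="${SINK_IF:-eth2}"          # segment holding only the monitor box (assumed)
SINK_IP="${SINK_IP:-192.168.99.2}"  # monitor box address (assumed)

# Print an iptables-restore ruleset for the gateway.
sink_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Every connection attempt arriving from the internet goes to the sink.
-A PREROUTING -i $WAN_IF -j DNAT --to-destination $SINK_IP
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $SINK_IF -j DROP
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The sink never sends anything onward, replies included. Keep this first.
-A FORWARD -i $SINK_IF -j DROP
# Deliver the redirected attempts so the sink can log them.
-A FORWARD -i $WAN_IF -o $SINK_IF -d $SINK_IP -j ACCEPT
# LAN hosts go out; only replies to them come back in.
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Succeeds only if the ruleset in $1 redirects to the sink and its first
# FORWARD rule is the sink DROP, so no later ACCEPT lets the sink answer.
sink_is_silent() {
    printf '%s\n' "$1" | grep -qF -- "-j DNAT --to-destination $SINK_IP" || return 1
    first=$(printf '%s\n' "$1" | grep -- '^-A FORWARD' | head -n 1)
    [ "$first" = "-A FORWARD -i $SINK_IF -j DROP" ]
}

rules=$(sink_ruleset)
sink_is_silent "$rules" && printf '%s\n' "$rules"
```

Piping the output into `iptables-restore --test` on a lab gateway parses the ruleset without committing it.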