[ale] Honeypots
Michael H. Warfield
mhw at wittsend.com
Tue Apr 22 23:34:33 EDT 2003
On Tue, Apr 22, 2003 at 08:28:26PM -0700, tom hawks wrote:
> Have you ever caught anyone trying to hack into one of
> your honeypots?
Snicker... Chuckle...
Would you like some ftp server user names and passwords in
Romania (no, they weren't too bright)...
Let's see, what time is it... Nope, not in the last few hours...
God... It's like stomping cockroaches... But a lot more fun.
Got annoying for a bit when some started combining the ptrace local
elevation to root with the Apache mod-ssl exploit. Well, annoying, yes.
But I got some nice new root-kits for the effort of flushing them off
the honeypot. >/;->=> Vservers running on top of a hardend kernel
solved that problem and let me collect rootkits without actually getting
the core engine rooted. Bonus!
> tom
Mike
> __________________________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo
> http://search.yahoo.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
PGP signature
More information about the Ale
mailing list