Honeypots: RE: Does it really take so long to get a bite?

[Adam Graham <adam () commercialcoating com>]

in college we set up a honey pot... and to our dismay no one broke into
it... so we decided to SSH in to the box, run BitchX IRC client.. Went
to EFNET.. and went into a script kiddie room and told them that they
cant do anything, and called them names... With in about 20 min we had
some logs full of stuff.. took us a week to look over what we had (didnt
want the logs to get in the way of a killer graduation party).. 



just my 2 cents worth


On Mon, 2002-12-09 at 19:12, Andrew Hintz (Drew) wrote:

> > From: Anton A. Chuvakin [mailto:anton () chuvakin org]
> > And it got me thinking again of how it might depend upon the IP address.
> > Would it not make sense to try to compare scans for the same service for
> > various honeypots running on different IPs?  The question is how to make
> > the comparison without disclosing the honeypot IP address?
> The Internet Storm Center <http://isc.incidents.org/> does analyses similar
> to what you're probably thinking of.  They already have tons of sensors out
> in the wild and have been gathering useful data for quite some time.  Check
> it out; it's a really good resource.
>
> HTH,
> --
> ^Drew
>
> http://guh.nu
>
> --Begin PGP Fingerprint--
> 3C6C F712 0A52 BD33 C518  5798 9014 CA99 2DA0 5E78
> --End PGP Fingerprint--
-- 
Adam Graham <adam () commercialcoating com>
CCSI