Honeypots: Re: [mailinglists] Commercial anti-honeypot tool [2]

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

Re: [mailinglists] Commercial anti-honeypot tool [2]

From: "KeyFocus" <support () keyfocus net>
Date: Mon, 12 Jan 2004 18:23:21 -0000

Wouldn't it be easy for a honeypot to detect "Hon.eypot Hun.ter"
simply by looking for SOCKS clients that make connection requests
back to their own IP on port 25? For these connections, the
honeypot could provide full SOCKS functionality.


Yes, this does works a treat in fooling "Hon.eypot Hun.ter". :-)
I did not mention it in case the author or a spammer came accross the
posting, also the reason for periods in "Hon.eypot Hun.ter".
I am sure they will work it out eventually when they come up against
honeypots that do this.
Our one will be ready in next week.

- Tom

By Date By Thread

Current thread:

Commercial anti-honeypot tool [2] Larissa Fricker (Jan 12)
- Re: [mailinglists] Commercial anti-honeypot tool [2] KeyFocus (Jan 12)
- Re: Commercial anti-honeypot tool [2] Valdis . Kletnieks (Jan 12)
  - Re: Commercial anti-honeypot tool KeyFocus (Jan 12)