Honeypots: Re: Virtual Honeypot Users

["Andrew R. Lamb" <arl7969 () it rit edu>]

Yes, it would be more of a task - again, self plug but if you visit my paper at 
http://www.lucidic.net/whitepapers/alamb-12-2001.html I emulated a "normal" user logging in and perfoming daily tasks. 
I've known people to hand out shell accounts on their
honeypot to friends, who then act like "normal" users (checking their email, web browsing, etc). You can filter out 
traffic originating from your friend's IP addresses and focus in on any bad guy's (traffic).

Brian Burton <brianburton () telus net> writes:
> I've been thinking about this lately and wonder what others think...
>
> Basically do you think it would be worth it to simulate actual users logging in and doing tasks on honeypots?  
>
> I know you'd then have additional activity on the honeypot you'd have to account for but just thought this would be an 
> interesting addition for them making them more realistic.  
>
> I thought of it since when hackers do get into the box they for sure check if anyone is logged on and I'd assume it 
> always seem odd if no one is ever logged in or anything additional has happened since the previous time they've been 
> on.
>
> I'm sure others have thought of this or something similar so was curious on what you think about doing this.
>
>
>
> Brian