Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: [ANNOUNCE] protocol watcher
From: Andrew Simmons <andrews () mis-cds com>
Date: Tue, 27 May 2003 13:04:13 +0100
Jerry Shenk wrote:



Is it possible to get LaBrea to use unused ports on a single IP address.  I
think it just does entire unused IP addresses.
This reminds me of an interesting article on setting up a cheap and cheerful honeypot using a couple of simple shell scripts and netcat which may or may not be of use to the original poster...? 


http://www.securityhorizon.com/whitepapers/technical/honeypot.html
In a nutshell, the scripts start netcat processes listening on various significant ports. An elegant solution showing the power of netcat... I'm sure I saw a more detailed article along the same lines on another site, but of course I can't locate the URL now.
Netcat will only log TCP or UDP connections. For ICMP and other more unusual IP protocols you'll need a full-blown firewall. 

cheers,


\a




-----Original Message-----
From: Anders Reed Mohn [mailto:anders_rm () utepils com]
Sent: Friday, May 23, 2003 5:06 AM
To: incidents () securityfocus com; Justin Pryzby
Subject: Re: [ANNOUNCE] protocol watcher



----- Original Message -----
From: "Justin Pryzby" <justinpryzby () users sourceforge net>
To: <incidents () securityfocus com>
Sent: Wednesday, May 21, 2003 11:00 PM
Subject: [ANNOUNCE] protocol watcher




I emailed the list previously asking if anyone knew of a way to
automatically accept and log all connections to a computer.  My thanks
to all that replied; unfortunately, I was unable to find exactly what I
wanted.  Since then, it occurred to me that this piece of software would
not be hard to write, so, three attempts later, it is written.



Would this be anything similar to Tom Listons excellent LaBrea?
http://labrea.sourceforge.net/labrea-info.html

Cheers,
Anders :)






The information contained in this message or any of its attachments may be privileged and confidential and intended for 
the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other 
dissemination or use of this communications is strictly prohibited.  The views expressed in this e-mail are those of 
the individual and not necessarily of MIS Corporate Defence Solutions Ltd.  Any prices quoted are only valid if 
followed up by a formal written quote.  If you have received this transmission in error, please contact our Security 
Manager on 44 (0) 1622 723410.


----------------------------------------------------------------------------
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]