Honeypots
DNS honeypots? Mar 02 2010 08:00PM
Jason Lewis (jlewis packetnexus com) (5 replies)
Re: DNS honeypots? Mar 03 2010 03:24PM
Alexandre Dulaunoy (adulau gmail com)
Re: DNS honeypots? Mar 03 2010 02:20PM
Brent Huston (lbhlists gmail com) (1 replies)
Re: DNS honeypots? Mar 03 2010 02:38PM
Jason Lewis (jlewis packetnexus com) (1 replies)
Re: DNS honeypots? Mar 03 2010 02:55PM
Brent Huston (lbhlists gmail com) (1 replies)
Re: DNS honeypots? Mar 03 2010 03:29PM
Jason Ross (algorythm gmail com)
Re: DNS honeypots? Mar 02 2010 09:48PM
Valdis Kletnieks vt edu (2 replies)
Re: DNS honeypots? Mar 02 2010 10:57PM
Jason Lewis (jlewis packetnexus com)
Re: DNS honeypots? Mar 02 2010 10:57PM
Jason Ross (algorythm gmail com)
On Tue, Mar 2, 2010 at 4:48 PM, <Valdis.Kletnieks (at) vt (dot) edu [email concealed]> wrote:
> On Tue, 02 Mar 2010 15:00:43 EST, Jason Lewis said:
>> Anyone have any pointers to dns honeypots or maybe just BIND
>> configurations that would allow logging of malicious queries without
>> actually executing them?
>
> Out of curiosity, how do you get traffic directed to the honeypot without
> listing it in an NS entry for an SOA?  Give it a hostname like ns1.exampe.com
> and hope that works?
>

There's quite a lot of (bad and good) bots "out there" looking for DNS
servers, particularly ones that appear to permit recursive queries to
the Internet. Just leaving a box on the net that meets those criteria
will collect a fair amount of queries.

--
jason

[ reply ]
Re: DNS honeypots? Mar 02 2010 08:49PM
Jason Ross (algorythm gmail com) (1 replies)
Re: DNS honeypots? Mar 02 2010 11:11PM
Jason Lewis (jlewis packetnexus com) (1 replies)
Re: DNS honeypots? Mar 03 2010 02:49AM
chr1x (chr1x sectester net)
Re: DNS honeypots? Mar 02 2010 08:18PM
Tillmann Werner (tillmann werner gmx de)


 

Privacy Statement
Copyright 2010, SecurityFocus