Honeypots
DNS honeypots? Mar 02 2010 08:00PM
Jason Lewis (jlewis packetnexus com) (5 replies)
Re: DNS honeypots? Mar 03 2010 03:24PM
Alexandre Dulaunoy (adulau gmail com)
Re: DNS honeypots? Mar 03 2010 02:20PM
Brent Huston (lbhlists gmail com) (1 replies)
Re: DNS honeypots? Mar 03 2010 02:38PM
Jason Lewis (jlewis packetnexus com) (1 replies)
Re: DNS honeypots? Mar 03 2010 02:55PM
Brent Huston (lbhlists gmail com) (1 replies)
Likely nothing today, most malware isn't smart enough to figure that out.

On Mar 3, 2010, at 10:38 AM, Jason Lewis wrote:

> Slightly related, I was wondering what might happen if I made every
> query to the honeypot resolve back to the honeypot?
>
> On Wed, Mar 3, 2010 at 9:20 AM, Brent Huston <lbhlists (at) gmail (dot) com [email concealed]> wrote:
>> One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis.
>>
>> You can find a little bit about it from one of our customers here, they wrote it up with us: http://hurl.ws/cbhp
>>
>> Let me know if that helps!
>>
>> On Mar 2, 2010, at 4:00 PM, Jason Lewis wrote:
>>
>>> Anyone have any pointers to dns honeypots or maybe just BIND
>>> configurations that would allow logging of malicious queries without
>>> actually executing them?
>>
>>

[ reply ]
Re: DNS honeypots? Mar 03 2010 03:29PM
Jason Ross (algorythm gmail com)
Re: DNS honeypots? Mar 02 2010 09:48PM
Valdis Kletnieks vt edu (2 replies)
Re: DNS honeypots? Mar 02 2010 10:57PM
Jason Lewis (jlewis packetnexus com)
Re: DNS honeypots? Mar 02 2010 10:57PM
Jason Ross (algorythm gmail com)
Re: DNS honeypots? Mar 02 2010 08:49PM
Jason Ross (algorythm gmail com) (1 replies)
Re: DNS honeypots? Mar 02 2010 11:11PM
Jason Lewis (jlewis packetnexus com) (1 replies)
Re: DNS honeypots? Mar 03 2010 02:49AM
chr1x (chr1x sectester net)
Re: DNS honeypots? Mar 02 2010 08:18PM
Tillmann Werner (tillmann werner gmx de)


 

Privacy Statement
Copyright 2010, SecurityFocus