|
|
Honeypots
DNS honeypots? Mar 02 2010 08:00PM Jason Lewis (jlewis packetnexus com) (5 replies) Re: DNS honeypots? Mar 03 2010 02:20PM Brent Huston (lbhlists gmail com) (1 replies) Re: DNS honeypots? Mar 03 2010 02:38PM Jason Lewis (jlewis packetnexus com) (1 replies) Re: DNS honeypots? Mar 02 2010 08:49PM Jason Ross (algorythm gmail com) (1 replies) |
|
Privacy Statement |
> Anyone have any pointers to dns honeypots or maybe just BIND
> configurations that would allow logging of malicious queries without
> actually executing them?
>
We have used various techniques to make DNS honeypots. But there is
an easy to do "fake" DNS server using Net::DNS::Nameserver :
http://search.cpan.org/~olaf/Net-DNS/
You can even find a simple example in the POD :
http://search.cpan.org/~olaf/Net-DNS/lib/Net/DNS/Nameserver.pm
If you want to make a low-interaction nameserver, you can filter
the request and answer to limit the malicious queries but still gain
information by doing and logging the request but not sending
back them to the client.
Hope this helps,
Kind regards,
--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov
[ reply ]