Aggressive Network Self-Defense


By Neil R. Wyler
Published by Syngress
ISBN: 1931836205
Published: February, 2005
Pages: 448


Confusion

It had been a long day. Eric trudged slowly down the sidewalk on his way home from work. The manager, Chris, had him image drives for five hours. When customers bought a computer from his store, they got the same thing that every other customer did—Windows, a bunch of preloaded software, and a custom startup screen with the name of the company emblazoned across it. Apparently a case badge wasn't enough.

He got home, grabbed a Mountain Dew from the fridge, and dropped down on the couch. After an hour of Seinfeld reruns, he wandered up to the loft where he and his roommate kept their desktops. He plopped down on his Love Sac, grabbed his wireless keyboard, and spent a few hours reading fark.com and mindlessly ranting into IRC. By 1:00 a.m. he was sufficiently bored. It was time to grab the laptop.

He headed outside and found a bench. Once he was connected to an access point, he pulled up netcat and connected to one of his remote machines. Nothing. He pinged the machine to make sure it was there. The response time was great, all under 50 milliseconds.

"That's weird," Eric said to himself. "That was working yesterday."

He checked his list of owned machines and connected to another. This time he was successful. He'd noticed a machine the other day that had a Sub-7 server running on it; he'd started to upload his files to it when a neighbor happened to walk by him and started a conversation. He'd closed his laptop without finishing the upload, but now when he checked, the Sub-7 server was gone. No matter, the machine had several other ports of interest, so he decided to connect to the ftp port. It allowed him in as an anonymous user, but when he threw a few commands at it, he got nothing. Maybe something was wrong with his laptop. He couldn't get anything to work right. This was definitely not the best of days.

He decided to call it a night. Either he was having hardware issues, or his brain wasn't working right; one way or the other, he was tired, and he was cold.

Dull No More

Every day for the next two weeks, when David and Bryan had finished the small amount of work that filled their morning hours, they would return to the office and sit huddled around a monitor. They'd go through the honeypot's logs and find new machines to patch and attackers to toy with.

They laughed about how it must be driving the attackers crazy. Every time they connected to the honeypot, they lost an attack point. With every attempt to gain a machine, they lost one they already had. The thing that pleased them the most was that somewhere out there, there had to be one or more attackers who had tried two, or even three times to take that box. They traded two or more, for the prospect of one, and David and Bryan felt great about that.

"I love this," Bryan said gesturing toward the monitor.

"He he, I know what you mean," said David.

"You know what would make it better, though?"

"What's that?" David asked, not taking his eyes from the monitor.

"We should automate it."

David stopped. He looked over at Bryan, who was leaning back in his chair, hands behind his head, wearing a grin from ear to ear.

"Automate it," David said, almost to himself.

"Think about it! If we could figure out how to automate this, and we put the information online somewhere, anonymously, of course, I think other people would do it!" Bryan said, sitting up in his chair.

"They would?" David quietly asked himself. "If something like this was deployed in network closets all over the world, every attacker would have to think twice before making an unauthorized connection to a machine. Sure, they'd still own boxes all the time, but they'd have to stop and think before they did it. I can see them out there thinking 'Is this one worth it?' before they launch their scripts. Haha, it's beautiful!"

David sat quietly looking out the window. He watched a car slowly turn into a parking lot, and its driver head into the building across the street.

"Helloooooo? David?" Bryan said.

David turned his chair toward Bryan.

"All right, let's automate it."


About the author
Neil R. Wyler (aka Grifter) is an Information Security Engineer and Researcher currently located on the Wasatch Front in Utah. He is a staff member of the Black Hat Security Briefings, Def Con hacker conference, ApacheCon, and Gnomedex. He has spoken at numerous security conferences and been the subject of various online, print, film, and television interviews regarding different areas of information security. He is highly involved in the hacker community and helps organize and support many of the local hacker meetings, including DC801 and 2600SLC. He also serves on the advisory board for a local technical college. Neil was born and raised on Long Island, NY, before entering military service with the U.S. Air Force. He is currently the co-owner of a Utah-based consulting firm with clients worldwide. His Web site can be found at http://rootcompromise.org.

Many thanks go to my beautiful wife, for putting up with me not only during the production of this book but also for the last seven years. To my family, who didn't know I was writing this book until they held it in their hands. And to my friends, for their insight and continued patience with me. To my coauthors and everyone at Syngress for making this book happen. Thanks also to Jeff and Ping Moss for the Black Hat Briefings, Def Con, and their continued friendship; the zZq guys, 2600SLC, DC801, and all the Utah hackers. I also want to thank my many friends from Def Con, Russ Rogers and securitytribe, Barkode and Ninja Networks, Freaky and Irvine Underground, Caezar and the Ghetto Hackers, Pyr0 and the 303, and everyone from the Def Con Forums. And last but certainly not least, to all the hackers of the world, whether White Hat, Black Hat, or Gray Hat; you keep life interesting, and always fun.