Purely a IMHO, but that goes well beyond a honeypot as anyone could inadvertantly browse to that site. If I browsed to a site and all my alarms went off (as they would if it does what you described) then I would consider that a bit of a liberty and might consider getting in your face ;-) As I said, purely a personal thing, but I would consider a website like that hostile.. *shrug* Surely a honeypot should be a subtle creature, not one that roars ? Cheers. ----- Original Message ----- From: "Nicolas Gregoire" <nicolas.gregoireat_private> To: <pen-testat_private> Sent: Wednesday, June 20, 2001 9:42 AM Subject: A kind of Honeypot > Hi all, > > I plan to make a website just for my pen-tests. > > This website grabs as much as possible info from the visitors (IP, > browser, proxy, etc ..), tries to exploit some common vulns of browsers > (Guninski's page is a good start for this) and hosts a passive > fingerprinting app. > The victims are "spammed" with some misc. content (p0rn, free CD/DVD, > jokes) linking (or redirecting) to the site. > > Has anybody ever do that ? > > Nicob >
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 11:43:15 PDT