RE: A kind of Honeypot

From: Andrew van der Stock (ajv@e-secure.com.au)
Date: Wed Jun 20 2001 - 20:43:12 PDT


    Pr0n sites do it all the time. Don't browse them with JavaScript turned on.
    
    However, realistically, honeypots and similar ilk are man-traps. I feel
    you'd get more information from running a useful web site, and looking at
    your web logs.
    
    Andrew
    
    -----Original Message-----
    From: Nicolas Gregoire [mailto:nicolas.gregoireat_private]
    Sent: Wednesday, 20 June 2001 18:43
    To: pen-testat_private
    Subject: A kind of Honeypot
    
    
    Hi all,
    
    I plan to make a website just for my pen-tests.
    
    This website grabs as much info as possible from the visitors (IP,
    browser, proxy, etc.), tries to exploit some common vulns of browsers
    (Guninski's page is a good start for this) and hosts a passive
    fingerprinting app.
    The victims are "spammed" with some misc. content (p0rn, free CD/DVD,
    jokes) linking (or redirecting) to the site.
    
    Has anybody ever done that?
    
    Nicob
    



    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 13:01:27 PDT