[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
jody salt wrote: > > You could then log all the commands etc used, and > build a profile of the cracker - whats commands they > use and what files they try to upload etc... > > It must of been done already?? honeypots $ apt-cache search honeypot honeyd-common - Honeyd's honeypot documentation and scripts iisemulator - Emulation for the IIS web server labrea - a "sticky" honeypot and IDS tinyhoneypot - Small honeypot to trap attackers Yes "honeyd" simulates ssh to an extent. So thought of, done, and prepackaged for easy install into Debian. However running honeypots (and changing root's shell for those who thought David was serious), is best left to those paid to track the bad guys, or the obsessive (like urm - nevermind), who have the skills to lock their (real) systems down, and too much time on their hands. -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html