
Re: [ga-400-linux-group] Interesting read on Linux honeypot servers

From: Michael P.
Sent on: Friday, May 9, 2014 9:27 AM
Rob,

Very interesting 'Research'.  Share some details of what they do.

If you could sufficiently automate this you could have it collecting data to make a presentation with statistics.

As a group, let's give Rob a list of things that would be interesting to collect:
1) IP address of hacker (okay, probably scrubbed by VPN, but would still be interesting).
2) time to first attempt of hack.
3) time to first successful hack.
4) what type of activity do they do on the machine.



On Tue, May 6, 2014 at 1:38 PM, Rob Fauls <[address removed]> wrote:
Sadly, one of my favorite things to do is to set up a honeypot and just see what people do. Throw up a VM, start a jail, put the jailed VM out there and keylog everything. Do a cron job on the host VM to reset every hour on the hour. If you leave it up for about a week they will end up cronning their own box to re-purpose your honeypot with the cron job... tons of fun! I know, I have no life.
-Rob

GPG Encrypted emails are available upon request. Please do not send sensitive information via plaintext messaging.


On Tue, May 6, 2014 at 1:34 PM, Andy <[address removed]> wrote:

Check out this post on how long it takes for a poorly secured Linux server to get compromised.  There is good information on what happens after the attacker has access to the server.

http://draios.com/fishing-for-hackers/

Enjoy!





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Andy ([address removed]) from GA 400 Linux Group.
To learn more about Andy, visit his/her member profile
To report this message or block the sender, please click here
To unsubscribe from special announcements from your Organizer(s), click here

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]





--
This message was sent by Rob Fauls ([address removed]) from GA 400 Linux Group.



--
Michael Potter
  Tapp Solutions, LLC
  Replatform Technologies, LLC
[masked]  ** Atlanta ** [address removed]  **  www.linkedin.com/in/michaelpotter
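
As an added example (not part of the original thread), here is one way to compute the first three items on the list above from a honeypot's sshd log. The log lines, host name and go-live time are constructed, and it assumes the honeypot exposes SSH with password logins; item 4 would come from the keylog and is not covered.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: OpenSSH auth-log lines from a hypothetical honeypot.
SAMPLE_LOG = """\
May  6 14:02:11 honeypot sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
May  6 14:02:15 honeypot sshd[812]: Failed password for root from 203.0.113.7 port 51130 ssh2
May  6 15:40:03 honeypot sshd[901]: Failed password for root from 198.51.100.23 port 40022 ssh2
May  6 17:19:48 honeypot sshd[955]: Accepted password for root from 198.51.100.23 port 40310 ssh2
May  6 17:20:05 honeypot CRON[960]: (root) CMD (reset-honeypot)
"""

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse_events(log_text, year):
    """Yield (timestamp, outcome, user, source_ip) per sshd password event."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not an sshd password event
        mon, day, clock, outcome, user, ip = m.groups()
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        yield ts, outcome, user, ip

def honeypot_stats(log_text, went_live, year=2014):
    """Summarise items 1-3 of the list: sources, first attempt, first success."""
    events = sorted(parse_events(log_text, year))
    successes = [e for e in events if e[1] == "Accepted"]
    return {
        "attempts_by_ip": Counter(ip for _, _, _, ip in events),
        "time_to_first_attempt": events[0][0] - went_live if events else None,
        "time_to_first_success": successes[0][0] - went_live if successes else None,
        "first_success_ip": successes[0][3] if successes else None,
    }

if __name__ == "__main__":
    live = datetime(2014, 5, 6, 14, 0, 0)  # constructed go-live time
    for key, value in honeypot_stats(SAMPLE_LOG, live).items():
        print(f"{key}: {value}")
```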
