RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets

This is probably a stretch, but it could be used as a honeypot that not only keeps a script kiddie busy, but also gives the administrator some idea of what kind of attack is being attempted (raw brute force, dictionary attack, etc). That being said, I also feel uneasy about the original question. Just my thoughts...

Comment on RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets

Replies are listed 'Best First'.
(Ozymandias) RE: RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets by Ozymandias (Hermit) on Aug 15, 2000 at 07:06 UTC
I thought about that, but if it were to be used as a honeypot security system, it would be reasonable to log the hostname and username - not the password. - email Ozymandias	[reply]
RE: (Ozymandias) RE: RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets by isotope (Deacon) on Aug 15, 2000 at 19:17 UTC
Like I said, logging the password would give the sysadmin a better idea of what kind of attack is underway -- are the passwords just incremental alphanumerics, or a dictionary list, or a list of usernames? Does it look like the work of a well-known rootkit? Things like that...	[reply]