abuse@ and postmaster@ in the modern world?

[the hatter]

On Sat, 18 Nov 2006, Danny Staple wrote:

> I seem to remember people building stuff like this on a DOS/Netware
> based college network. It was basically screen locking software, but
> gave a fake shell, and then began to get cheeky - sometimes provoking
> people to profanities until they realised they were had.
>
> This would be cool, and fun, but you would have to make damn sure it
> could not be exploited. For a start running it in a totally unprivileged
> account inside an otherwise useless read-only virtual machine (or is
> that also overkill?).

> In truth sounds like it could be too much effort.

It's not overkill, a google for honeypots and honeynets should bag you a
large body of work of what others have done, not much effort required to
start there.

> How many ssh clients could have a return packet from the server spiked
> in some way... Maybe after so long with them messing around - a slightly
> malevolent payload could be sent back..

Tarpitting would be a start, hang onto packets for a while to hold up the
scanning script from finishing with your fake host, rather than it failing
to hack your machine and getting to work on some random real machine.


the hatter