Jump to content

Security tool


MrWhisp
 Share

Recommended Posts

Hi,

 

I have developed a "Honeypot" security tool. I really would like some more ideas about this tool and therefore I would like to discuss it. And if anyone is interested in testing it let me know and I will post it on a website.

 

The tool works as follows:

A hacker always tries the easiest ways of attacking a system. So if, for example, port 139 (Netbios) is open a hacker attacks that port before trying other attacks, such as webserver exploits.

My Honeypot opens servers at selected ports so it, for example, looks like the Netbios service is available. If anyone tries to connect to this port, the honeypot logs the intruder IP and hostname and automatically adds his IP to the Shorewall dynamic blacklist. The server ports is specified in a config file and can be any ports not used by a system service.

I have for example emulated the Windows RPC service (computers probably infected with viruses like Ms Blaster) and blacklists about 2-4 IP / minute.

To avoid infinitely growing blacklists the system executes a shorewall allow of the IP addresses after a user specified time interval, for example 10 minutes.

 

Any ideas of further development for this tool?

 

/MrWhisp

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...