Published March 14th, 2003 by Jim O'Halloran
Honey pots (Part 2)
A while back I linked to part 1 of an article on using Honey pots for network security. Now SecurityFocus brings us part two.
In this paper we take a closer look at Honeyd. Specifically, we will deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.
I haven’t been running a honeypot, but my gut feel is that the Internet is a considerably less friendly place than it was 4 or 5 years ago. Years ago, I (intentionally) ran an open SMTP relay for over 12 months, and no one exploited it before I voluntarily secured it. A month ago, I accidentally created an open relay and it was exploited in days. My Linux/Apache boxes see IIS directory traversal type attacks most days, and my SMTP servers see relay attempts at least once a day.