
Thread: Honeypot and Mitm detection?

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    2

    Honeypot and Mitm detection?

    Hi, I am new to this forum and I have a question.

    How can we detect honeypots and MITM attacks?
    I think that all hacking and cracking your network to find vulnerabilities is good, but a tutorial in detection is more important in my opinion.


    Thanks

  2. #2
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    useful

    A useful question though might be better rounded.

    I would hope it is difficult to detect a honeypot though their unresponsiveness can sometimes give things away. Really you might like to make your own honeypot and learn from hands-on experience. bt has a daemon ready for you to utilise:

    man honeyd

    A (surprisingly) useful entry appears here:

    http://en.wikipedia.org/wiki/Honeypot_(computing)

    Quite a good place to launch your research.

    Also look at:

    http://www.honeynet.org/

    As for detecting mitm attacks perhaps utilise a sniffer ids and watch for temporal delays in network traffic particularly in certificate transfer/validation.

    Write back for further guidance
    Lux sit

  3. #3
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    blackfoot's advice is really good. You should start to learn how honeypots work. Learn about the different possibilities that are out there to set up a honeypot/honeynet. Use Google to search on how to detect high interaction honeypots, since they give themselves away mostly by specific hardware/software footprinting which is not hidden most of the time.

    For low interaction honeypots it is dependent on how they are configured.

    As for MITM, you could create a script which regularly checks the ARP entries and sees if something changes. Not sure how big your network is though; other options could be more practical depending on the size of it.
    Tiocfaidh ár lá
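
Added example (not part of any post in this thread): one way to build the ARP-watching script suggested in post #3. It compares two snapshots in Linux `/proc/net/arp` format and reports any IP whose MAC changed and any MAC claimed by several IPs; the snapshots, addresses and function names are constructed for illustration.

```python
import re

# Constructed snapshots in Linux /proc/net/arp format (sample data, not real hosts).
BEFORE = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:14     *        wlan0
"""
AFTER = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:14     *        wlan0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:14     *        wlan0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

# Columns: IP, HW type, flags, MAC, mask, device
ARP_LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+0x[0-9a-fA-F]+\s+(0x[0-9a-fA-F]+)\s+"
    r"((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+\S+\s+\S+$"
)

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; skip header and incomplete rows."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue
        ip, flags, mac = m.groups()
        if int(flags, 16) == 0:  # flags 0x0 = incomplete (unresolved) entry
            continue
        table[ip] = mac.lower()
    return table

def compare(previous, current):
    """List IPs whose MAC changed, and MACs now claimed by more than one IP."""
    alerts = []
    for ip, mac in sorted(current.items()):
        old = previous.get(ip)
        if old is not None and old != mac:
            alerts.append(f"CHANGED {ip}: {old} -> {mac}")
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"SHARED {mac}: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    print("\n".join(compare(parse_arp_table(BEFORE), parse_arp_table(AFTER))))
```

For live use, read `/proc/net/arp` on an interval and pass the previous and current contents to `compare`. A changed gateway MAC is the entry to look at first, though a replaced router or a reassigned DHCP lease produces the same alert.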

  4. #4
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    2

    Thanks a lot for your replies. My network is small: router -> PC -> laptop, all wireless. For that reason I want to learn more about detection to be 100% bulletproof. Do you know any book on that subject?

  5. #5
    Junior Member
    Join Date
    Feb 2009
    Posts
    25


    An IDS like snort is a good option. If you're in a coffee shop type location and you want to detect arp poisoning you can with ettercap. If I have to use a hotspot with unknown security I always run a scan with kismet first and then connect and scan with ettercap.

  6. #6
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Not quite sure what the OP is trying to do, but this is worth a look http://www.bothunter.net/
    dd if=/dev/swc666 of=/dev/wyze

  7. #7
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote: Originally Posted by wyze
    Not quite sure what the OP is trying to do, but this is worth a look http://www.bothunter.net/
    Neat! !!!
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally Posted by Barry
    Neat! !!!
    I just downloaded the liveCD from the torrent. I'm gonna see how well it works as a VM.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote: Originally Posted by streaker69
    I just downloaded the liveCD from the torrent. I'm gonna see how well it works as a VM.
    I'm having Java issues with it under Windows, but it is Windows. I'll download it at home, much faster connection.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
