Can this be done? - Idea for a Honeypot

[mummysboy]

Hiya

Well i have been thinking that as i had 2 routers to extend the range of my wireless it was a major security risk as client is always connected [ cheers for highlighting this -=Xploitz=- ]

So i have invested in a cheap TP link yagi aerial [£12.99 from bigpockets.co.uk]

and i have got much better coverage from just the one router.

This now means i have a surplus router.

Is it possible to create a honeypot [ i think im using right term here ] which has exactly the same SSID as my network - make it unsecured and then just cloak myessid of the network.

I have a really old laptop with can run win2000 and thats it [it has 32MB ram - thats how old it is] and i was wondering if i could create a webserver on it and have a webpage with the words " Your MAC Address has been logged - Thanks for trying to steal my internet - Authorities have been emailed your PC - Hardware Details"

Just to put the $hits up whoever logs on to it.

I ask because whenever i try something it goes wrong so i thought i best ask if you guys think its do-able

- btw i dont actually want to record any data - or email the authoritys - just shake em up

[SLK001]

Well, what would happen if you "snag" someone who panics that his illegal activities have been discovered, then decides to break into your home, kill you and your family, then proceed to destroy all the equipment with the "log".

[imported_spankdidly]

Better yet, Instead of setting up a honeypot, just go bust a cap in anyone nearby that way they can't get on your wireless routers. This includes anyone driving past your House.

I wouldn't recommend doing that as it was a joke. If someone is on my wifi, I just ettercap their ass. You could do upside-down-ternet, which is kinda hard (IMO and skillset). Thorin posted something that had to do with that, but with application downloads. They try and download something, but you push out something else

That would be awesome.

[mummysboy]

that sounds like a much funnier solution

guess im gonna have to hunt down for upside down net.

[streaker69]

that sounds like a much funnier solution

guess im gonna have to hunt down for upside down net.

Why not just use everything's gone goatse.

[imported_spankdidly]

Why not just use everything's gone gotse

Wrong on so many levels.

[mummysboy]

ok - im exceptionally new to this - and that link is fooked up - like really really foocked up. Im going to drink meths in the vain hope to wipe it from my memory

http://www.ex-parrot.com/~pete/upside-down-ternet.html was the link thorin mentioned but omg i got lost in the first 1/2 of the tutorial. I guess im gonna have to try and figure it out.

I presume that i would need to redirect all traffic to that horriffic site except for an 'allowed' list. and can i ask how i would go about this?

do i need to grab specific software? or can it be scripted?

like i said im new to this but i like the idea of directing people to one site only.

[imported_spankdidly]

ok - im exceptionally new to this - and that link is fooked up - like really really ****ed up. Im going to drink meths in the vain hope to wipe it from my memory

http://www.ex-parrot.com/~pete/upside-down-ternet.html was the link thorin mentioned but omg i got lost in the first 1/2 of the tutorial. I guess im gonna have to try and figure it out.

I presume that i would need to redirect all traffic to that horriffic site except for an 'allowed' list. and can i ask how i would go about this?

do i need to grab specific software? or can it be scripted?

like i said im new to this but i like the idea of directing people to one site only.

Dont even ask. it's not easy to do. (for me anyway).

Best thing to do is setup a SMOOTHWALL box (look it up). It can act as a proxy cache server transparently with squid. All you would need to do from there is install the apps (mogrify) and then chop up the network into trusted and untrusted, and then runs the scripts. It's been mentioned on here before and I dont know anyone that has had success doing it other than that site. (I KNOW, it can be done, but the knowledge I have doesn't come close to experimenting with all of that.)

Smoothwall would be your best bet (or Ipcop or another linux distro that provided the transparent proxy service). Smoothwall is nice because squid is so easy to configure. On other distros it was such a headache. I tried getting squid to run on BT. I got it to work, but not transparently. it would work if you told the other browsers from other machines to point the proxy's address. I found out later it was a bug in squid and that you had to add a few special lines to make it work. Not in the newer version.

I run smoothwall at home. It's nice. Shows what each IP on your network has accessed via HTTP. Logs all IM conversations (msn, yahoo, aol, irc, Icq), built-in firewall, Dans-guardian (so ya can't browse the pr0n), clamav, and a slew of other stuff. Plus everything is transparent. You dont have to configure any browsers. That's how I caught all the RST packets from a specific IP. Upon whois'ing the IP, I found it was C0mCast! Killing all my torrents. Nice!

[mummysboy]

hmm - i think the laptop i was planning to use may not be up to the task lol.

Thankyou very much for the pointer - i wont be able to get a new box till the new year - so looks like i wont be able to try till jan/feb

[-=Xploitz=-]

C'mon guys...if you wanna mention goatse fine..but don't hyperlink to that crap from here please. That kinda follows under the infraction for

Any religious, political or pornographic references will not be tolerated.


Verbal warning to all.