Re: How Would I Find the Actual Name of the Honeypot Software via a Pen

To:	Pen-Tests <pen-test@securityfocus.com>
Subject:	Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?
From:	StaticRez <staticrez@gmail.com>
Date:	Wed, 20 Jun 2007 11:55:56 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UY5Ms5PwgHUcXfv/MEz2VueE0spleGfFiY6cQdugggeZWFyP6dVIgkPtKmChW+qI7bUrkqWS9l76zAZ3mkVHp2+C+7TBb4dbwsvTTgkwdobFFHgOtZojyX2Ttv2dbHbFmh9XviTqrDp3Y2x3ogq9tsUX/JFQOfanCprKJYCfhDk=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=LmZmJ3OpFzA7k93+4BEv9HEb8cIoh/KHm7d+zszsfSzhOpnF14ZMinVvikeGVhR/0ms9Guvet/oAy7ezxXHvyEUtc2/VqNlcb7l1qfAAgmonETzOMgDWqV5IqpVA5Baf8YY6l7OO0TCkykCzqYts2X5EmOFZMYOjzMBPoH8Io18=
In-reply-to:	<34f9dcae0706191109nd142932v5c7971fc1b32b926@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<34f9dcae0706191109nd142932v5c7971fc1b32b926@mail.gmail.com>
Resent-date:	Wed, 20 Jun 2007 12:21:19 -0600 (MDT)
Resent-from:	pen-test-return-1078484415@securityfocus.com
Resent-message-id:	<20070620182119.D800D236FC9@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Well, here's a list:

http://www.honeypots.net/honeypots/products

If you can actually tell them the name of the software then you're THE MAN.

I'm assuming that within the honeypot configs, you can pick which
services you'd want to be open. With that in mind, I don't think
there's any way of knowing what the actual software is. And even
assuming you know the OS, unless you're analyzing packets, the
honeypot should be able to "mimic" (to a certain extent) an IIS
server, it could be sitting on a BSD or any linux/unix variant box.

this one might require some social engineering...

staticrez



On 6/19/07, TStark <stark.ironman@gmail.com> wrote:

Good afternoon,

I'm doing a pen test a new IPS appliance from outside the network,
while working through the assessment I found that the server
designated as my target was a honeypot set up by our server team
rather than a normal server.

I've now been challenged to now tell them the actual name of the
honeypot software they are using.

So with that, I figure I'd ask the pros, hoping that someone has a
suggestion other than me low crawling under the raised floor in the
server room looking for the host server:P


Thanks for the help!

Tony

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, TStark RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Paul Melson Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Dragos Ruiu Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, StaticRez <= RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, ep Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Jay RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Michael Scheidell RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Jeremiah Brott

Previous by Date:	RE: Security and VPN, Russell Butturini
Next by Date:	Re: Security and VPN, The Sun
Previous by Thread:	Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Dragos Ruiu
Next by Thread:	RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, ep
Indexes:	[Date] [Thread] [Top] [All Lists]