Have any of the more experienced amongst you Linux users ever thought of messing with honeypots and setting one up to see if you trap hackers etc. and learn more about security? You basically set up a server that will look attractive to hackers to learn what they do, but you make it so they can only damage data on that one machine. They're a good way to learn, but you have to be dedicated to build a good one. Security people build them simply to learn about the techniques hackers will use to force their way in, and the honeynet community is excellent at helping people track malicious hackers down. They will leave open various gateways and tools just to see if they're attracting the right calibre of hacker. The best will suss it's a trap soon enough, but the dumb ones fall in every time and get their asses burnt off. IT'S WELL FUNNY! http://honeynet.org/ The main object is just to learn more about securing networks, so generally they don't do it to burn the hacker unless they try dumb stuff like warning people of the trap, or if it's someone that is known to them and they've been after before. This is what a typical honeypot admin will discover and write about: http://honeynet.thalix.com/scans/scan19/scan/scan19.txt There's a lot more on that page and it's very interesting (well, to me it is). Even if you haven't got the resources or the inclination to build one, it's well worth visiting their site, and they're always willing to help fight hackers and spammers: http://honeynet.org/ You can build them for Windows too, but the majority are Linux servers.
I have heard of this. My CIS instructor told me that 'sometimes' honeynets are used to convict a known hacker. They are also VERY good for SAs. You can figure out if and who is trying to hack you, and also learn the newest techniques to prevent attacks on important systems. BTW, if you have a Windows server, be sure to shut down TCP port 1234. "I AM THE CIA"... no, I am not actually the CIA, but it is a hack.
Unless you're running any kind of server software or p2p that has to interface with programs or users over the internet, it's a good idea to block all inbound ports; just open them as necessary. You will still get a browser to work even with all your inbound ports blocked, so to start with your ports list would look like this: 1-65535 blocked. But then if you needed to have a port open for a p2p program that connects on port 5465 or whatever, your list would read: 1-5464 blocked, 5465 open, 5466-65535 blocked.
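
The default-deny inbound policy described in the last post, as an added example that is not part of the thread: a shell function that prints an `iptables-restore` ruleset with every inbound port dropped except the TCP ports named as arguments. The function names `valid_port` and `build_rules` are hypothetical, a Linux host using iptables is assumed, and nothing is applied to the running firewall.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rules only; to load them an
# administrator would pipe the output into iptables-restore as root.

# valid_port: succeed only for a plain decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;   # empty, leading 0, non-digit, too long
    esac
    [ "$1" -le 65535 ]
}

# build_rules PORT...: print the ruleset, or fail without output on a bad port.
build_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT'
    # Inbound default is DROP (ports 1-65535 blocked). Replies to connections
    # this machine opened are still accepted, which is why a browser keeps
    # working with every inbound port closed.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One explicit exception per port the user really needs reachable.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# The post's case: everything blocked except the p2p port 5465.
build_rules 5465
```

Calling `build_rules` with no arguments gives the starting state from the post, with all inbound ports blocked.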