Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Bot honeypot - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bot honeypot

An article has been posted about how bots can implement a false admin interface to lure security researchers in. It goes on to describe how essentially it is a honeypot that allows the botmaster to gather information about how others try to hack their botnet.

Interesting reading: http://www.boingboing.net/2010/11/05/botmasters-include-f.html

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

I will be teaching next: Intrusion Detection In-Depth - SANS Cyber Defence Australia 2022

Adrien de Beaupre

353 Posts
ISC Handler
Nov 5th 2010
This doesn't surprise me at all. Researchers use black hat techniques to catch them and defend against them, and black hats use the same techniques as researchers do to catch them and defend against them.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!