Honeypots and the Accidental Hacker

Published: August 29th, 2007

I was intending to post something on the book Virtual Honeypots: From Botnet Tracking to Intrusion Detection, by Google engineer Niels Provos and German grad student Thorsten Holz, but I was distracted by something shiny in the text.

(Is it just me, or does “honeypots” sound like some really cloying term of endearment? “Honeypots … I’m ho-ome …” But I digress.)

Specifically, it was a search string. Enter this into the search box of your favourite engine:

“# -FrontPage-” inurl:service.pwd

The results you’ll get are likely the clear text password information for a Web server whose hatches aren’t fully battened. My search on Google turned up only 69, which means either a) in general, admins are being pretty good about properly configuring servers or 2) there’s about 70 honeypots set up to glean some information from potential intruders.

Honeypots are essentially decoy systems that aren’t connected to the corporate system and serve no legitimate function. Thus, any traffic on them would be an attempted exploit. Security folks can use them to log attacks and learn what they can about how the perps work, applying that information to their own security regimen.

Virtual honeypots are a cost- and time-effective alternative to physical machines, the book argues, and it takes a hands-on approach to demonstrating that. It’s a valuable book, and Provos took some time to talk about it with me in this podcast. Have a listen, buy the book. And — for entertainment purposes only, of course — visit johnny.ihackstuff.com for the full catalogue of Google hack search strings, my faves being the various online devices section, with links to Webcams, networked printers, etc.

Related Download
Designing for enterprise automation Sponsor: IBM
Designing for enterprise automation

Register Now