sample attack on honeypot system

tanveer · 11-23-2010, 05:38 PM

Hi,
Just out of curiosity, I have implemented two machines one for honeypot(192.168.100.10) and another(192.168.100.20) to remotely log the honeypot log file using syslog. Inside honeypot I emulated another 3 machines with services on virtual IPs of that same block.
Now honeypot is working and I can see the logs generating as I did a portscan(nmap) on those virtual IPs from .20 machine.All of the machines are running ubuntu.

But does anyone know any s/w or tools which originally attackers use so that I can get a clear picture of what happens from the logs. Having problems creating these attack scenarios.

Thanks in advance.

unSpawn · 11-23-2010, 07:15 PM

Quote:

Originally Posted by tanveer

does anyone know any s/w or tools which originally attackers use

Searching the Internet for reports of security incidents, vulnerabilities, assigned CVE's or "cracker" fora shouldn't take longer than posting your question here.

Please note offering cracker tools is not the purpose of the Linux security forum.

tanveer · 11-23-2010, 10:23 PM

thank you, actually the thing is after I get a response from here I feel more confident ..
.. and sorry ..