Help needed !!!


Post by McAttack on Thu Apr 19, 2012 7:57 pm

Hey Folks,
I know I have probably done a number of things wrong, such as posting this in the wrong place or something, but please forgive me as I'm fairly new to this. :? :oops: :?
Anyway, I was wondering if it was possible to get some help. I'm currently doing a college project on honeypots and, as it stands, haven't received much traffic at all, and as the deadline creeps closer and closer I'm starting to panic as to why I have not gotten large amounts of traffic.
I was wondering if people could inform me on how to attract some attention fast (i.e. which services to run and ports to open). As it stands I have a simple basic file service and web service running on a Windows Server 2003 machine.

Along with opening my eyes to what I'm doing horribly wrong, I was wondering: if I gave the IP address of the server out in the post, would people who have a few moments run some typical attacks on the server (won't be challenging) so I can gather some traffic, or does this go against some rules of this site?

Finally, if it doesn't go against the rules and it is possible for people to have a go at attacking the server, I was wondering if it would be possible for those people who do decide to attack the server not to wreck it too much and to keep away from editing any important log files, as I haven't time to re-install and reconfigure everything.

Thanks for any help in advance, much appreciated.


Re: Help needed !!!

Post by fashizzlepop on Thu Apr 19, 2012 9:09 pm

Don't worry, you're not against the ToS. Just put something on the server so we can recognize it's yours. Like, set up a webserver real quick with a page saying "HTS please test this."

Idk why you're not getting much traffic, but it's probably because you are only 1 IP. Universities and other places like Menlo Park capture thousands of attempts from malware on their honeypots because they own large IP ranges, such as x.x.x.0-255, meaning they own all 256 of those IPs, or Menlo Park, which I believe has x.x.0-255.0-255, meaning they have a /16 IP range. This allows them to capture a lot more.

I'm going to assume you're not getting an abnormally small amount of traffic.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Help needed !!!

Post by pretentious on Thu Apr 19, 2012 9:25 pm

If you provide the IP and prove you own it, I'll take a look. Though I've got very little experience in this, so I probably won't get much beyond port scanning :?
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country


Re: Help needed !!!

Post by LoGiCaL__ on Fri Apr 20, 2012 12:44 am

You can create some flyers as a social engineering experiment just to get the server out there. Then just sit back and wait for some traffic. Someone is bound to check it out.


Re: Help needed !!!

Post by McAttack on Fri Apr 20, 2012 12:11 pm

Just on what fashizzlepop was saying, that's what I was thinking... like, I'm a small fish in a very, very, very big pond, so this is what was confusing me, as the lecturer was surprised that I hadn't received much traffic, so I'm wondering am I doing something wrong? Like, the firewall is off on the server. I've tried opening ports also, but ran a port scan on it and it showed few ports open, but was wondering is there a nice list of ports or something to "invite" people in. As far as I know it's in a DMZ, meaning it's in front of the router firewall too. (Am I correct?)

Anyway lads, the IP as of now is 89.100.27.193; if it changes I'll post it up ASAP.
As for people doing port scans, the intrusion detection system I'm using (Snort) won't pick it up unless I write a rule, which I'm not sure how to do, but if anyone knows, that'd be super too.
However, even if ya want to bombard it with Armitage or something, feel free, just once it won't shut the server down, as I need the summary report if it's possible.

Thanks again people.
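The port-scan detection asked about in the post above comes down to counting how many distinct ports one source touches on one host within a short time. The following is an added example, not part of the original thread and not a Snort rule, that shows that counting logic in Python; the log line format, the thresholds and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (an assumption, not Snort output):
#   <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> SYN
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) SYN$")

def detect_scans(lines, min_ports=5, window_s=10):
    """Return [(src_ip, first_alert_time, ports_seen)] for sources that hit
    at least min_ports distinct ports on one host within window_s seconds."""
    recent = defaultdict(deque)      # (src, dst) -> deque of (time, port)
    alerted = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # skip anything that is not a SYN record
        ts = datetime.fromisoformat(m.group(1))
        src, dst, port = m.group(2), m.group(3), int(m.group(4))
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop events that fell out of the sliding window.
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= min_ports and (src, dst) not in alerted:
            alerted.add((src, dst))  # one alert per source/target pair
            alerts.append((src, ts.isoformat(), ports))
    return alerts

# Constructed sample: one scanner sweeping ports, one ordinary web client.
SAMPLE = """\
2012-04-20T12:00:00 198.51.100.23 -> 192.0.2.10:80 SYN
2012-04-20T12:00:01 203.0.113.7 -> 192.0.2.10:21 SYN
2012-04-20T12:00:01 203.0.113.7 -> 192.0.2.10:22 SYN
2012-04-20T12:00:02 203.0.113.7 -> 192.0.2.10:23 SYN
2012-04-20T12:00:02 198.51.100.23 -> 192.0.2.10:80 SYN
2012-04-20T12:00:03 203.0.113.7 -> 192.0.2.10:80 SYN
2012-04-20T12:00:03 203.0.113.7 -> 192.0.2.10:445 SYN
2012-04-20T12:00:40 198.51.100.23 -> 192.0.2.10:443 SYN
""".splitlines()

if __name__ == "__main__":
    for src, when, ports in detect_scans(SAMPLE):
        print(f"possible port scan from {src} at {when}: ports {ports}")
```

A scan spread out so that fewer than `min_ports` ports fall inside any one window stays below this threshold, which is the trade-off any count-per-interval rule makes between noise and slow scans.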


Re: Help needed !!!

Post by pretentious on Sat Apr 21, 2012 12:37 am

McAttack wrote: was wondering is there a nice list of ports or something to "invite" people in.

I noticed that like 4 of your open ports were running the same service. I might be a noob and not realise that that's how it works, but I think rather than opening every port under the sun, maybe run some interesting services? I was getting all hyped up and ready to get my geek on but only found a bunch of standard-looking stuff that provided me with no real attack vector. While doing some research into web exploitation I came across a page giving an example of how to find exploitable servers. It was to google "powered by php v x.xx", so attackers are looking for the said vulnerable service. Maybe put a redundant database on the system that would entice a would-be hacker to go snooping, because I was bored and out of ideas after about 10 mins, though nmap did say something about anonymous ftp login ^_^


Re: Help needed !!!

Post by McAttack on Wed Apr 25, 2012 12:36 pm

Hi,
At the moment I have a simple web service and file service running. I started an FTP service but haven't added anything to it. Are there any other interesting services that I could run to attract more attention? I'm just puzzled how it seems quite secure judging by the feedback. Like, there is no firewall on the server and it is placed in a DMZ on a Thompson router. Can someone just correct me if I'm wrong on this, but does that not mean it's not protected by the router's firewall also?

I am just worried, as I approached my lecturer and he thought I'd have too much traffic somehow?
But I was thinking the same as you guys: why, out of all the servers out there, would people be attracted to or find my little crap server, as I am a small fish in a big pond.


Re: Help needed !!!

Post by LoGiCaL__ on Wed Apr 25, 2012 12:42 pm

You can try putting ssh on there with a login on port 22. That usually attracts brute force attempts. Just set login rate high before it kicks the user.


Re: Help needed !!!

Post by McAttack on Wed Apr 25, 2012 2:37 pm

Any good tutorials you know of to accomplish this?
Sorry, just not something I know how to do offhand and I'm running out of time.
Cheers


Re: Help needed !!!

Post by LoGiCaL__ on Wed Apr 25, 2012 2:45 pm

Since it is a Windows server you could run the telnet service, then just google how to connect. Also, share the C: drive. Then just go to another PC and try to connect to the PC via telnet or mapping to the c:\ drive. You can then download, install and just run Wireshark to record all network traffic off the server. Make sure file and printer sharing are on. If you really don't care what happens to the server, you can create a user name with a blank password or maybe even the administrator with a blank password. If you're trying to attract other people you can try nmap and scan the IP range for your network and that may attract any would-be packet sniffers (possibly). Just set up a batch file to do it like every 5, 10, 15 minutes.

-- Wed Apr 25, 2012 2:57 pm --

Also enable remote desktop so people can connect via RDP.

