[47810] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Rob Thomas)
Wed May 15 16:41:12 2002
Date: Wed, 15 May 2002 15:40:51 -0500 (CDT)
From: Rob Thomas <robt@cymru.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0205151336520.31195-100000@sasami.anime.net>
Message-ID: <ROTMAILER.0205151538090.17216-100000@dragon.sauron.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Hi, Dan.
] What leads them to believe this?
Well folks aren't exactly subtle about their honeypots. Read any of
the popular security lists for examples of "Hi! My honeypot was hit
last night with blah and blah, here is the sniffer trace..." The
underground shares and trades information as well, so some of the
miscreants learn from experience or each other which networks respond
to attacks, scans, hacking, etc.
] It could be very useful as deterrence to know their criteria.
For the low fee of a cool t-shirt or a bit of gear for my lab I'd be
happy to spread rumours about the mad fast honeypot residing within
your prefixes. :)
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com/~robt
ASSERT(coffee != empty);
