lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: dropstatd at hush.ai (dropstatd@...h.ai)
Subject: proxy honeynet

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings list.

I am considering setting up what I have called a Proxy Honeynet to
study attack trends, identify blackhat activity and help to
shutdown
organised crime groups.

The idea is basically to setup a number of open proxy servers on
default ports around the world and to either:

a) wait for scanners to pick them up
b) submit them to proxylists and open proxy sites
c) hand them out to known scammer/hacker groups on irc and web

These open proxies would be heavily monitored and any attacks would
be
quickly identified, documented and reported to the appropriate
people.
Any surfing, email or chat traffic through the proxies would be
logged
and analysed.

I am seeking suggestions as to the viability and legality of this
idea. I am well aware that making available an open proxy service
could leave the proxy owner responsible for all malicious activity
originating from his/her server. One suggestion I have been given
is
to post a disclaimer on a web page on the server, stating something
like:

"this proxy service is private and not for unauthorised use. Any
unauthorised usage will be subject to monitoring. Users of this
service agree that they will be held responsible for any traffic
passing through this service".

I think this would be an interesting endeavour and could provide a
real service to the Internet community in stemming illegal
activities.

Your comments are welcome either on the list or in private.

Regards,
DS.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkIZIVgACgkQB4XCCykO6nRN2gCeI2wYMsuRfF0aKGMvaB/UipJ1KqgA
njt/BcG+HkNX71pCtliWYPaXoGyl
=dKAl
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ