
Honeypots

(@sarah_camp)
Active Member
Joined: 14 years ago
Posts: 6
Topic starter  

Trewnte - Thank you very much for your list of references. They are very helpful for my project. I have come across a couple before you mentioned them, but not some of the others (which were more useful).

Randomaccess - So do you think that it's unlikely for a hacker to alter log files to hide their tracks?

Keydet89 - thank you for your explanation. My scenario for my project is going to be that they don't back up the honeypot logs or send them to a different location. During an investigation how would you go about examining to see if log files have been changed?

Thank you all for taking the time to respond.


   
MDCR
(@mdcr)
Reputable Member
Joined: 15 years ago
Posts: 376
 

During an investigation how would you go about examining to see if log files have been changed?

- Missing records.
- Tools claiming that logfiles have been altered/corrupted.
- Bad or out of order timestamps.
- Changes to system time.
- Other logfiles indicating events that are missing.
- Indicators of anti-forensics software.
- Configuration changes to logging software.
- Missing or mismatching digital signatures.


   
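An added example, not part of MDCR's post: one way to check a log for two of the indicators listed above (missing records and bad or out-of-order timestamps). The log format, the `seq=` record counter and the one-hour silence threshold are assumptions made for this illustration, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, record counter, message.
SAMPLE_LOG = """\
2011-03-01T10:00:00 seq=101 sshd: accepted password for admin
2011-03-01T10:00:05 seq=102 sudo: admin : COMMAND=/bin/sh
2011-03-01T10:00:09 seq=105 cron: job started
2011-03-01T09:58:30 seq=106 sshd: session closed for admin
2011-03-01T12:30:00 seq=107 cron: job started
"""

def parse(line):
    """Split one line into (timestamp, sequence number, message)."""
    ts, seq, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts), int(seq.removeprefix("seq=")), msg

def find_anomalies(text, max_silence=timedelta(hours=1)):
    """Return (line_no, kind, detail) for each suspicious record transition."""
    findings = []
    prev = None
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            ts, seq, _ = parse(line)
        except ValueError:
            # A record that no longer parses may itself be a sign of editing.
            findings.append((line_no, "unparseable", line))
            continue
        if prev is not None:
            prev_ts, prev_seq = prev
            if seq != prev_seq + 1:
                # Counter skipped or repeated: records removed or inserted.
                findings.append((line_no, "sequence_gap", f"{prev_seq} -> {seq}"))
            if ts < prev_ts:
                # Clock went backwards: edited entry or system time change.
                findings.append((line_no, "timestamp_backwards", f"{prev_ts} -> {ts}"))
            elif ts - prev_ts > max_silence:
                findings.append((line_no, "long_silence", str(ts - prev_ts)))
        prev = (ts, seq)
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

A finding is a lead to corroborate against other log sources, not proof of tampering on its own; clock corrections and service restarts produce the same patterns.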
(@randomaccess)
Reputable Member
Joined: 14 years ago
Posts: 385
 

Randomaccess - So do you think that it's unlikely for a hacker to alter log files to hide their tracks?

Alter log files, sure. But not on a honeypot, unless they didn't realise it was a honeypot and they thought it was the real deal.


   
(@sarah_camp)
Active Member
Joined: 14 years ago
Posts: 6
Topic starter  

Thanks, all your comments have been helpful.

My project scenario is a hacker not realising it's a honeypot.

Do you know if honeypot log files can be used as evidence in a UK court?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

My project scenario is a hacker not realising it's a honeypot.

I would give for acquired that you don't have "Hey, I am a honeypot!" printed all over the pages of the site.

Earlier you stated how the idea was "someone hiding their tracks on a honeypot".

So I am not getting it.

I mean, does the hypothetical hacker ALWAYS try to hide his/her tracks on ANY site?

Then the dissertation is about "how to find attempts to hide tracks on *any* site" or "techniques used by hackers to cover their tracks".

Or it is about techniques used (or to be used) by the "good guys", and then the dissertation is about "how to create a honeypot capable of preventing tracks hiding by hackers" or "how to use honeypot techniques on your site to prevent tracks hiding by hackers".

Same goes for

Do you know if honeypot log files can be used as evidence in a UK court?

I mean, in which way is a honeypot log file different from any other website log file?

jaclaz


   