Sunday, 26 May 2013


Qcuick process/cheat sheet for the harrassed activist, or hacktivist.

How to catch someone who is doing illegal things to do you online (in this case, specifically, illegally accessing your local or remote machines (aka cracking* your computer).).

1) Concept Used.
2) Toolset (free).
3) Definitions.

"1) Honeypot (computing)

From Wikipedia, the free encyclopedia
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.




Honeypots can be classified based on their deployment and based on their level of involvement. Based on deployment, honeypots may be classified as:
  1. production honeypots
  2. research honeypots
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations; Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do.
Research honeypots are run to gather information about the motives and tactics of theBlackhat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats.[1] Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
Based on design criteria, honeypots can be classified as
  1. pure honeypots
  2. high-interaction honeypots
  3. low-interaction honeypots
Pure honeypots are full-fledged production systems. The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed. Even though a pure honeypot is useful, stealthiness of the defense mechanisms can be ensured by a more controlled mechanism.
High-interaction honeypots imitate the activities of the real systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. According to recent researches in high interaction honeypot technology, by employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. In general, high interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.
Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the security of the virtual systems. Example: Honeyd.

[edit]Spam versions

Spammers abuse vulnerable resources such as open mail relays and open proxies. Some system administrators have created honeypot programs that masquerade as these abusable resources to discover spammer activity. There are several capabilities such honeypots provide to these administrators and the existence of such fake abusable systems makes abuse more difficult or risky. Honeypots can be a powerful countermeasure to abuse from those who rely on very high volume abuse (e.g., spammers).
These honeypots can reveal the apparent IP address of the abuse and provide bulk spam capture (which enables operators to determine spammers' URLs and response mechanisms). For open relay honeypots, it is possible to determine the e-mail addresses ("dropboxes") spammers use as targets for their test messages, which are the tool they use to detect open relays. It is then simple to deceive the spammer: transmit any illicit relay e-mail received addressed to that dropbox e-mail address. That tells the spammer the honeypot is a genuine abusable open relay, and they often respond by sending large quantities of relay spam to that honeypot, which stops it. The apparent source may be another abused system—spammers and other abusers may use a chain of abused systems to make detection of the original starting point of the abuse traffic difficult.
This in itself is indicative of the power of honeypots as anti-spam tools. In the early days of anti-spam honeypots, spammers, with little concern for hiding their location, felt safe testing for vulnerabilities and sending spam directly from their own systems. Honeypots made the abuse riskier and more difficult.
Spam still flows through open relays, but the volume is much smaller than in 2001 to 2002. While most spam originates in the U.S.,[2] spammers hop through open relays across political boundaries to mask their origin. Honeypot operators may use intercepted relay tests to recognize and thwart attempts to relay spam through their honeypots. "Thwart" may mean "accept the relay spam but decline to deliver it." Honeypot operators may discover other details concerning the spam and the spammer by examining the captured spam messages.
Open relay honeypots include Jackpot,[3][dead link] written in Java,,[4][dead link] written in Python, and spamhole,[5] written in C. The Bubblegum Proxypot[6][dead link] is an open proxy honeypot (or proxypot).

[edit]E-mail trap

An e-mail address that is not used for any other purpose than to receive spam can also be considered a spam honeypot. Compared with the term spamtrap, the term "honeypot" might better be reserved for systems and techniques used to detect or counter attacks and probes. Spam arrives at its destination "legitimately"—exactly as non-spam e-mail would arrive.
An amalgam of these techniques is Project Honey Pot. The distributed, open-source Project uses honeypot pages installed on websites around the world. These honeypot pages hand out uniquely tagged spamtrap e-mail addresses. and Spammers can then be tracked as they gather and subsequently send to these spamtrap e-mail addresses.

[edit]Database honeypot

Databases often get attacked by intruders using SQL Injection. Because such activities are not recognized by basic firewalls, companies often use database firewalls. Some of the available SQL database firewalls provide/support honeypot architectures to let the intruder run against a trap database while the web application still runs as usual.[7][dead link]


Just as honeypots are weapons against spammers, honeypot detection systems are spammer-employed counter-weapons. As detection systems would likely use unique characteristics of specific honeypots to identify them, a great deal of honeypots in use makes the set of unique characteristics larger and more daunting to those seeking to detect and thereby identify them. This is an unusual circumstance in software: a situation in which "versionitis" (a large number of versions of the same software, all differing slightly from each other) can be beneficial. There's also an advantage in having some easy-to-detect honeypots deployed. Fred Cohen, the inventor of the Deception Toolkit, even argues that every system running his honeypot should have a deception port that adversaries can use to detect the honeypot.[8] Cohen believes that this might deter adversaries.


Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of largernetwork intrusion detection systems. A honeyfarm is a centralized collection of honeypots and analysis tools.[9][10][dead link]
The concept of the honeynet first began in 1999 when Lance Spitzner, founder of the Honeynet Project, published the paper "To Build a Honeypot":
"A honeynet is a network of high interaction honeypots that simulates a production network and configured such that all activity is monitored, recorded and in a degree, discreetly regulated."[11]

[edit]See also

[edit]References and notes

  1. ^ Lance Spitzner (2002). Honeypots tracking hackersAddison-Wesley. pp. 68–70.ISBN 0-321-10895-7.
  2. ^ Sophos reveals latest spam relaying countries from Help Net Security[when?]
  3. ^ Jackpot
  4. ^
  5. ^ Spamhole - The Fake Open SMTP Relay on SourceForge
  6. ^ The Bubblegum Proxypot
  7. ^ secure your database using honeypot architecture
  8. ^ Fred Cohen. Deception ToolKit. Viewed April 8th, 2006.
  9. ^ Weaver, Nicholas C., Wormholes and a Honeyfarm: Automatically Detecting Novel Worm (PowerPoint)
  10. ^ Honeynets a Honeynet Definition (PDF) by Ryan Talabis from
  11. ^ Know Your Enemy: GenII Honeynets from

[edit]Further reading

[edit]External links

 Become Human!  Donate  

2) BackTrack

From Wikipedia, the free encyclopedia
BackTrack 5 R1.png
BackTrack 5 R3
Company / developerMati Aharoni, Devon Kearns, Offensive Security.[1]
OS familyUnix-Like
Working stateActive
Source modelOpen source
Latest stable release5 R3 / August 13, 2012; 7 months ago
Supported platformsi386 (x86)AMD64 (x86-64)ARM
Kernel typeMonolithic
Default user interfaceBashKDE Plasma DesktopFluxbox,[2][3]GNOME
BackTrack was a distribution based on the Debian GNU/Linux distributionaimed at digital forensics andpenetration testing use.[4] It was named after backtracking, a search algorithm. In March 2013 the Offensive Security team later replaced it with a successor product, Kali Linux.[5]




The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:
  • WHAX: a Slax based Linux distribution developed by Mati Aharoni, a security consultant. Earlier versions of WHAX were called Whoppix[6] and were based on Knoppix.
  • Auditor Security Collection: a Live CD based on Knoppix developed by Max Moser which included over 300 tools organized in a user-friendly hierarchy.
The overlap with Auditor and WHAX in purpose and in their collection of tools partly led to the merger.


BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
BackTrack includes many well known security tools including:
BackTrack arranges tools into 12 categories:
  • Information gathering
  • Vulnerability assessment
  • Exploitation tools
  • Privilege escalation
  • Maintaining access
  • Reverse engineering
  • RFID tools
  • Stress testing
  • Forensics
  • Reporting tools
  • Services
  • Miscellaneous


February 5, 2006BackTrack v.1.0 Beta
May 26, 2006The BackTrack project released its first non-beta version (1.0).
March 6, 2007BackTrack 2 final released.
June 19, 2008BackTrack 3 final released.
January 9, 2010BackTrack 4 final release. (Linux kernel
May 8, 2010BackTrack 4 R1 release
November 22, 2010BackTrack 4 R2 release
May 10, 2011BackTrack 5 release (Linux kernel 2.6.38)
August 18, 2011BackTrack 5 R1 release (Linux kernel
March 1, 2012BackTrack 5 R2 release (Linux kernel 3.2.6[7])
August 13, 2012BackTrack 5 R3 release[4]
March 13, 2013Kali 1.0 release[8]
As soon as newer versions of BackTrack are released, older versions lose their support and service from the BackTrack development team.


[edit]External links

 Become Human!  Donate  

3) Definitions

Hacker (computer security)

From Wikipedia, the free encyclopedia
In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.[1] The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community.[2] While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks, they are rarely used in mainstream context.[citation needed] They are subject to the long standing hacker definition controversyabout the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker

The White Rabbit!

Humanity Arising #Ascension2013 #TRUTH

No comments :

Post a comment

Only members (obviously) can comment; no moderation; direct to page.

Note: only a member of this blog may post a comment.