Hacking back in degrees
I created a powershell version of the Windows honeyport that John presented on PaulDotCom episode 203.
This version is nice because it doesn't require netcat. Any feedback is appreciated.
A nice facility for this might be a whitelist of addresses or address ranges that will not be blacklisted under any circumstances.
Good point, I'd like to add a few other features as well.
let's say, in my environment, I have scheduled Nessus scans covering my infrastructure, and I want to deploy this -- and not always on the same port -- it seems to me that I may be in for trouble. I suppose I could schedule it to be down...or maybe modify the code to add a white list of hosts it might ignore.
Being lazy, maybe I could suggest that as a feature request?
Oops, should've read XyLog's comment first, and your response. Doh!
I've added some additional updates to Honeyport. Thanks to some help from Carlos a.k.a. "Darkoperator", it now uses Powershell jobs to open more than one port, it has whitelisting, and I've added event logging.
Sign Upor Sign In
© 2014 Created by strandjs.
Report an Issue |
Terms of Service
Please check your browser settings or contact your system administrator.