IIS Honeypots

IIS Honeypots are a great way to keep people from doing damage to your IIS boxes.  There’s a variety of techniques that you can use to create a honey pot on your web servers.One technique which I like is to configure an additional Website within IIS to handle website requests which are sent to incorrect host headers.  This does require that you setup all your sites to use host headers.  Then setup a website to listen on all IPs on the server but with no host headers.  This way it will answer all requests which are made to IP addresses only.  Then configure this site in IIS to require authentication and not allow anynomous authentication.  This will present the scripts that the script kiddies with a username and password.  Most of there scripts don’t know how to handle a username and password prompt.  Then remove the rights from the folder so that what ever accont the script tries will fail.

Don’t forget to log the requests and check them regularly so that you can block access to those IPs if needed.

This technique works well in other web servers as well, I’m just most farmilier with IIS.

Denny

Share and Enjoy:
  • Print
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Fark
  • Twitter
September 22nd, 2009 in Attack Scripts, IIS, Servers, Web Servers | tags: ,

Leave a comment

Your comment