Sunday, February 20, 2005

GooglePot?

Okay, I don't get this one. To quote the site: Google Hack
Honeypot is the reaction to a new type of malicious web traffic: search
engine hackers.

Here's my take on it (please correct me if I'm
wrong):

  • It's not a new type of malicious web traffic. Google's
    spider generates the traffic (it's legitimate traffic). At that point,
    exposure is your (the owner's) problem.
  • It's not a new type of
    malicious web traffic. It's a reconnaissance technique and is not
    necessarily malicious as the tools/techniques are available to
    all.
  • I think it slightly misses the definition of a honeypot in
    that attackers are researching known exploits via Google and are getting
    pointed towards GHH. At best, you might get a list of IPs attempting to
    exploit a vulnerability.
  • As GHH relies on Google entries to
    point to the honeypot, it lessens Google's accuracy just a bit more
    (little though it may be).

That said, I'd still like to try
it out as it IS an interesting approach.

Comments, thoughts,
beatings?