Create a Web Black Hole - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Create a Web Black Hole

I want to make one

carfac

6:43 pm on Apr 5, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hi:

Does anyone know the specifics of how to make a black hole on your server?

What I tried was to dedicate one IP in the range I have to nothing... lets call it 123.123.123.123. I skipped that number in my rc.conf (I go from 123.123.123.122 to 123.123.123.124). Is that good, or is there a better way to do this.

What I would like is something that gives NO response at all... just sits there.

I use this IP to send any requests for stupid files to (requests like this:

RewriteRule (strmver¦MSOffice¦cltreq\.asp¦owssvr\.dll¦_vti_bin¦orders¦Auth_data) [123.123.123.123...] [NC,R=301,L]

RewriteRule (autoexec¦formmail\.pl¦formmail.cgi¦_mem_bin¦cgi-bin¦cgi-local¦NULL\.¦scripts) [123.123.123.123...] [NC,R=301,L]

# Block browser-unresolved ../../ relative directory access tricks
RewriteCond %{REQUEST_URI} ^.*(\.\./)
RewriteRule [123.123.123.123...] [R=301,L]

I have other silly requests I rewrite, too... just want to give you an idea.

My thought is to waste as much of these punks time.... but use as little of my resources as possible.

Any thoughts?

dave

Ankheg

7:10 pm on Apr 5, 2003 (gmt 0)

10+ Year Member

There's an application for SMTP called "teergrube" (tar pit) which does something very similar for relaying attempts, but I don't know of anything similar for http requests...

txbakers

11:20 pm on Apr 7, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

You can use 127.0.0.0 which is a black hole as well.

Filipe

11:40 pm on Apr 7, 2003 (gmt 0)

10+ Year Member

I'm curious, what exactly is a black hole on a server and what would be the point? (I think you may have explained it in your first post, but I'd like clarification)

HowlingWizard

11:46 pm on Apr 7, 2003 (gmt 0)

10+ Year Member

Or use various IPs in the 192.168.x.x range. These are reserved for local networks. If they are coming from behind a firewall this might redirect them back into their own local network. (Let them probe their own systems).

toadhall

1:33 am on Apr 8, 2003 (gmt 0)

10+ Year Member

> what exactly is a black hole?

A simulation of a vulnerable web resource. Can be used as a ruse to draw attention away from the real resource, or as a trap. Sometimes just to delay the attacker in dead-ended corridors, or sometimes a real trap - once in and the door slams shut.

Labrea Tarpit got a lot of attention a few years back. Back Officer Friendly; Deception Toolkit; Mantrap; Spectre; Bigeye; HoneyD; NetFacade; Tiny Honeypot; Smoke Detector are other variations on the theme.

T

u4eas

10:48 am on Apr 8, 2003 (gmt 0)

10+ Year Member

what is the best way to do this?

I would love to have a little added safety on my iis web server.

Cheers-

u4ea

carfac

4:50 pm on Apr 8, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

u4eas:

What I do on my site is take the common requests from hackers and viruses, and just mod-rewrite them to the black hole. So if you are requesting "/default.ida" (which I THINK is code red), my computer would just tell the requesting computer, "Wait a second!" and then just appear to hang...

dave

txbakers

6:49 pm on Apr 8, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I modify my hosts file on the Windows server and point all these offending advertisers URLs to 127.0.0.0 and I never see their ads.

As new ones come through I just add them to the hosts file.

Works very well.

I should probably post that list on my web site for people to download.