Home page logo

focus-ids logo IDS mailing list archives

Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Fri, 21 Feb 2003 10:42:23 -0700

On Fri, Feb 21, 2003 at 11:17:46AM -0000, Augusto Paes de Barros wrote:
Lance's point can be expanded in very interesting views. Why use only
honeypots "hosts" or "nets", when whe can use accounts, documents, info,
etc? I was developing an idea that I call "honeytokens", to use on Windows
networks. Basically, information that shouldn't be flowing over the network
and, if you can detect it, something wrong is happening.

How would you implement that? Without being obvious? 

Best Regards,
dreamwvr () dreamwvr com

/*  Security is a work in progress - dreamwvr                 */
# Note: To begin Journey type man afterboot,man help,man hier[.]      
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]

Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]