Home page logo
/

focus-ids logo IDS mailing list archives

Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: "Mike Shaw" <mike () shawnuff net>
Date: Fri, 21 Feb 2003 08:54:23 -0800


For example, you create a word document that has the title of payroll
or 'research and development'.  You put whatever fluff you want 
in the
document, and give it a "tracking number", such as 14A8478bG98734T90AAZ.


This is something I've been doing on my production networks for a couple years now, but at more than the wire level.

Think:
Excel spreadsheets of bogus usernames and passwords.
Fake info being passed over AIM and other cleartext protocols on a hub.
Bogus customer records in a banking app.
Bogus hosts in host lists.
File names that should never be in a directory scan.
False DNS entries such as "accounting.domain.com"

The possibilities are endless.

-Mike

-----------------------------------------------------------
Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]