|
IDS
mailing list archives
Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: "Mike Shaw" <mike () shawnuff net>
Date: Fri, 21 Feb 2003 08:54:23 -0800
For example, you create a word document that has the title of payroll
or 'research and development'. You put whatever fluff you want
in the
document, and give it a "tracking number", such as 14A8478bG98734T90AAZ.
This is something I've been doing on my production networks for a couple years now, but at more than the wire level.
Think:
Excel spreadsheets of bogus usernames and passwords.
Fake info being passed over AIM and other cleartext protocols on a hub.
Bogus customer records in a banking app.
Bogus hosts in host lists.
File names that should never be in a directory scan.
False DNS entries such as "accounting.domain.com"
The possibilities are endless.
-Mike
-----------------------------------------------------------
Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure
 By Date 
By Thread
Current thread:
- RE: Protocol Anomaly Detection IDS - Honeypots, (continued)
RES: Protocol Anomaly Detection IDS - Honeypots Augusto Paes de Barros (Feb 21)
Re: RES: Protocol Anomaly Detection IDS - Honeypots Mike Shaw (Feb 21)
RE: RES: Protocol Anomaly Detection IDS - Honeypots Augusto Paes de Barros (Feb 21)
Re: RES: Protocol Anomaly Detection IDS - Honeypots Marc Benoit (Feb 21)
Re: RES: Protocol Anomaly Detection IDS - Honeypots Frank Knobbe (Feb 25)
|
Intro
