Home page logo

focus-ids logo IDS mailing list archives

Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: "Mike Shaw" <mike () shawnuff net>
Date: Fri, 21 Feb 2003 08:54:23 -0800

For example, you create a word document that has the title of payroll
or 'research and development'.  You put whatever fluff you want 
in the
document, and give it a "tracking number", such as 14A8478bG98734T90AAZ.

This is something I've been doing on my production networks for a couple years now, but at more than the wire level.

Excel spreadsheets of bogus usernames and passwords.
Fake info being passed over AIM and other cleartext protocols on a hub.
Bogus customer records in a banking app.
Bogus hosts in host lists.
File names that should never be in a directory scan.
False DNS entries such as "accounting.domain.com"

The possibilities are endless.


Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]