Honeypots: Re: Honeytokens and detection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

Re: Honeytokens and detection

From: george chamales <george () overt org>
Date: Fri, 4 Apr 2003 15:51:33 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One problem I see with the whole concept is that if I was the otherside,
I'd be using an encrypted tunnel to grab the info.

I think that relying on network traffic is the wrong way to handlethis. I suggest having hooks set up on the host itself that monitorwhen the "token" is opened, read, modified, etc. In effect, real-timefile integrity checking/tripwire on the fly. With a bit of work theintegrity checking could be hidden from all the users on the system andalerts could be sent covertly off of the host.


All in all, I really like the idea.

george
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE+jf5v52U0zfoU/mIRAhmtAJwO/WLfH78n03VDgfDXDWK7XYWD9gCcCZ2S
XJC0wH05H4zYIdtFC99ZX/g=
=oBwN
-----END PGP SIGNATURE-----

By Date By Thread

Current thread:

Re: Honeytokens and detection, (continued)
- Re: Honeytokens and detection Bojan Zdrnja (Apr 03)
- RE: Honeytokens and detection Andrew Hintz \(Drew\) (Apr 04)
- RE: Honeytokens and detection Beau Monday (Apr 03)
- RE: Honeytokens and detection LAVELLE,MICHAEL \(HP-PaloAlto,ex1\) (Apr 04)
- RE: Honeytokens and detection Glenn_Everhart (Apr 04)
- Re: Honeytokens and detection george chamales (Apr 04)
  - Re[2]: Honeytokens and detection Bojan Zdrnja (Apr 05)
    - Re: Honeytokens and detection andre (Apr 05)
    - Re: Honeytokens and detection george chamales (Apr 05)
  - Re: Honeytokens and detection Jack Whitsitt \(jofny\) (Apr 05)
- FW: Honeytokens and detection TimTim (Apr 06)