|
Honeypots
mailing list archives
Re: which part of dynamic honeypot that needs 'intelligent'?
From: Valdis.Kletnieks () vt edu
Date: Wed, 27 Apr 2005 03:09:28 -0400
On Tue, 26 Apr 2005 17:26:40 EDT, Randy said:
I'm flushing out details for implementation and response plans for a highly
interactive honeynet on the part of the admin...haven't come up with a term
that fully grasps where I want to go with this yet. honey TRAP comes to
mind, since I do want to continually make things not work for the intruder
after I get them interested and show initial success.
Read Cheswick's "An Evening with Berferd". Remember that if you do what Cheswick
did with the fake FTP password file, the game will probably be over... :)
The secret here is that you don't want *everything* to not work once they're
interested - you want to emulate that "90% works, 5% is broken, and 5% is so
wonky we're not sure *what* it is" that poorly administered systems tend to
degrade into (remember - if much more than 10% is broken, the machine will
eventually fail to return from one of its frequent reboots, or it may be
summarily defenistrated by the user....)
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
| 
Intro
