Honeypots mailing list archives
Re: which part of dynamic honeypot that needs 'intelligent'?
From: Valdis.Kletnieks () vt edu
Date: Wed, 27 Apr 2005 03:09:28 -0400
On Tue, 26 Apr 2005 17:26:40 EDT, Randy said:
I'm flushing out details for implementation and response plans for a highly interactive honeynet on the part of the admin...haven't come up with a term that fully grasps where I want to go with this yet. honey TRAP comes to mind, since I do want to continually make things not work for the intruder after I get them interested and show initial success.
Read Cheswick's "An Evening with Berferd". Remember that if you do what Cheswick did with the fake FTP password file, the game will probably be over... :) The secret here is that you don't want *everything* to not work once they're interested - you want to emulate that "90% works, 5% is broken, and 5% is so wonky we're not sure *what* it is" that poorly administered systems tend to degrade into (remember - if much more than 10% is broken, the machine will eventually fail to return from one of its frequent reboots, or it may be summarily defenistrated by the user....)
Attachment:
_bin
Description:
Current thread:
- which part of dynamic honeypot that needs 'intelligent'? dcneting (Apr 20)
- Re: which part of dynamic honeypot that needs 'intelligent'? Randy (Apr 26)
- Re: which part of dynamic honeypot that needs 'intelligent'? Valdis . Kletnieks (Apr 27)
- Re: which part of dynamic honeypot that needs 'intelligent'? Randy (Apr 26)