Bugtraq mailing list archives

Remote OS Deception?


From: bwick () BOMBDIGGITY COM (Robert Wick)
Date: Wed, 3 Mar 1999 18:47:23 -0800


In follow-up to the thread on remote OS detection, has anyone successfully
deployed any type of OS "deception" or "honeypot" technology?  I have been
working with the Deception ToolKit and looking at the "decoy services" provided
by the ISS RealSecure product, but I am interested in hearing about other
people's experiences in deploying this technology.  I think the most value could
be gained in two areas:

1.     Internal deployment of deception technology to provide "vulnerable"
services and tracking internal attackers attempting to exploit exploit-rich
internal hosts.

2.     External deployment (DMZ) of deception technology to provide demographics
as to the scope and depth of external attacks.  This could be a useful tool to
justify additional security resources.

I have not seen much discussion on this technology, outside of the discussions
on OS type obfuscation, and I would be interested in hearing about experiences
with vulnerable service deception.  In the case of vulnerable OS deception, does
the open source model really work?  How quickly will a version of nmap or Satan
be built to identify deception hosts if the source is public?

--
Robert Wick
bwick () bombdiggity com



------------------------------------------------------------
 * http://www.bombdiggity.com/ *  Yeah, baby, YEAH!


