Bugtraq mailing list archives
Remote OS Deception?
From: bwick () BOMBDIGGITY COM (Robert Wick)
Date: Wed, 3 Mar 1999 18:47:23 -0800
In follow-up to the thread on remote OS detection, has anyone successfully deployed any type of OS "deception" or "honeypot" technology. I have been working with the Deception ToolKit and looking at the "decoy services" provided by the ISS RealSecure product, but I am interested in hearing about other peoples experiences in deploying this technology. I think the most value could be gained in two areas: 1. Internal deployment of deception technology to provide "vulnerable" services and tracking internal attackers attempting to exploit exploit rich internal hosts. 2. External deployment (DMZ) of deception technology to provide demographics as to the scope and depth of external attacks. This could be a useful tool to justify additional security resources. I have not seen much discussion on this technology, outside of the discussions on OS type obfuscation, and I would be interested in hearing about experiences with vulnerable service deception. In the case of vulnerable OS deception, does the open source model really work? How quickly will a version of nmap or Satan be built to identify deception hosts if the source is public? -- Robert Wick bwick () bombdiggity com ------------------------------------------------------------ * http://www.bombdiggity.com/ * Yeah, baby, YEAH!
Current thread:
- Remote OS Deception? Robert Wick (Mar 03)
- Security Conference Announcement: the Black Hat Briefings '99 Dominique Brezinski (Mar 03)
- Oracle Plaintext Password James Kivisild (Mar 04)
- Linux /usr/bin/gnuplot overflow xnec () INFERNO TUSCULUM EDU (Mar 04)
- Re: Linux /usr/bin/gnuplot overflow Lars Hecking (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow Hans-Bernhard Broeker (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow Andrea Arcangeli (Mar 05)
- buffer overflow in /usr/bin/cancel Josh A. Strickland (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof Mario Lorenz (Mar 05)
- Update to Microsoft Security Bulletin (MS99-006) aleph1 () UNDERGROUND ORG (Mar 05)
- More Internet Explorer zone confusion Jim Paris (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow Lars Hecking (Mar 05)