IDS mailing list archives
Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: "Mike Shaw" <mike () shawnuff net>
Date: Fri, 21 Feb 2003 08:54:23 -0800
For example, you create a Word document that has the title of payroll or 'research and development'. You put whatever fluff you want in the document, and give it a "tracking number", such as 14A8478bG98734T90AAZ.
This is something I've been doing on my production networks for a couple years now, but at more than the wire level. Think: Excel spreadsheets of bogus usernames and passwords. Fake info being passed over AIM and other cleartext protocols on a hub. Bogus customer records in a banking app. Bogus hosts in host lists. File names that should never be in a directory scan. False DNS entries such as "accounting.domain.com". The possibilities are endless.

-Mike
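The detection side of the decoy scheme discussed in this message, as an added example that is not part of the original post or thread: it looks for the quoted tracking number and decoy DNS name in payload bytes, and goes beyond a plain string match by also covering UTF-16LE (how Word stores text), DNS wire labels, and base64 at any byte alignment. The names `token_forms` and `scan` and all sample payloads are constructed for illustration.

```python
import base64

# Decoy values quoted in the message; any sighting means bait was touched.
HONEYTOKENS = {
    "14A8478bG98734T90AAZ": "decoy document tracking number",
    "accounting.domain.com": "decoy DNS name",
}

def token_forms(token):
    """Byte patterns a token can appear as on the wire or on disk."""
    raw = token.encode("ascii")
    forms = {"ascii": raw, "utf-16le": token.encode("utf-16-le")}
    if "." in token:  # hostnames travel as length-prefixed labels in DNS packets
        forms["dns-wire"] = b"".join(bytes([len(p)]) + p.encode() for p in token.split("."))
    # Base64 text depends on the token's byte offset modulo 3. For each
    # offset keep only the characters fully determined by the token.
    for offset, lead in ((0, 0), (1, 2), (2, 3)):
        enc = base64.b64encode(b"\x00" * offset + raw).rstrip(b"=")
        if (offset + len(raw)) % 3:
            enc = enc[:-1]  # last char also carries bits of what follows
        forms[f"base64+{offset}"] = enc[lead:]
    return forms

PATTERNS = [(tok, why, label, pat)
            for tok, why in HONEYTOKENS.items()
            for label, pat in token_forms(tok).items()]

def scan(payload):
    """Return sorted (token, reason, encoding) hits in a bytes payload."""
    return sorted({(t, why, label) for t, why, label, pat in PATTERNS if pat in payload})

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "smtp-body": b"Subject: fyi\r\n\r\nref 14A8478bG98734T90AAZ attached",
    "doc-upload": "Payroll 14A8478bG98734T90AAZ".encode("utf-16-le"),
    "mime-part": base64.b64encode(b"Q1 payroll, id 14A8478bG98734T90AAZ, draft"),
    "dns-query": b"\x0aaccounting\x06domain\x03com\x00\x00\x01\x00\x01",
    "benign": b"GET /index.html HTTP/1.1\r\nHost: www.domain.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        for tok, why, label in scan(data):
            print(f"ALERT {name}: {why} ({tok}) seen as {label}")
```

Matching is exact and case-sensitive, so a decoy hostname queried in mixed case would need the payload normalized before scanning.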