Honeypots mailing list archives
Re: Honeytokens and detection
From: george chamales <george () overt org>
Date: 05 Apr 2003 17:53:23 -0600
> The only way I see about this is running a hacked version of the database,

The way I see it something this useful shouldn't be called a hack, it should be called a feature. I agree that implementing it at the dbase level is the most direct and certainly easiest way to accomplish this.

Another, more difficult way would be to build it into the host itself. It wouldn't eliminate the possibility that the mechanism could be circumvented, but it would raise the bar. Linux could easily be hacked (oh yes, it would be a hack) to alert based on what file/sector is being read/written/modified. This would work really well for regular files, i.e. MyCreditCardNumberAndPassword.txt and adduser, but at the moment I'm stuck as to how it could be used to key off of entries in a database. If anyone has any ideas I'd be really eager to hear them.

george
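Added example, not part of the original message: host-level alerting on a honeytoken file as described above, done without a kernel patch through the inotify interface that later Linux kernels provide. The names `honey_watch` and `honey_poll` and the one-second polling loop are assumptions made for this sketch.

```c
/* Added example: alert when a decoy (honeytoken) file is touched, via inotify. */
#include <stdio.h>
#include <unistd.h>
#include <sys/inotify.h>

/* Operations that should never happen to a decoy file in normal use. */
#define HONEY_MASK (IN_OPEN | IN_ACCESS | IN_MODIFY | IN_ATTRIB | \
                    IN_DELETE_SELF | IN_MOVE_SELF)

/* Start watching one existing honeytoken file; returns an inotify fd or -1. */
int honey_watch(const char *path)
{
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0)
        return -1;
    if (inotify_add_watch(fd, path, HONEY_MASK) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Drain pending events; returns the OR of their masks (0 = file untouched). */
unsigned honey_poll(int fd)
{
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    unsigned seen = 0;
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) {   /* -1/EAGAIN when empty */
        for (char *p = buf; p < buf + n; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            seen |= ev->mask;
            p += sizeof *ev + ev->len;              /* variable-length records */
        }
    }
    return seen;
}

int main(int argc, char **argv)
{
    int fd = argc == 2 ? honey_watch(argv[1]) : -1;
    if (fd < 0) { fprintf(stderr, "usage: %s <existing-honeytoken-file>\n", argv[0]); return 2; }
    for (;; sleep(1)) {                             /* poll once a second */
        unsigned m = honey_poll(fd);
        if (m)
            printf("ALERT %s:%s%s%s\n", argv[1],
                   (m & (IN_OPEN | IN_ACCESS)) ? " open/read" : "", (m & IN_MODIFY) ? " write" : "",
                   (m & (IN_ATTRIB | IN_DELETE_SELF | IN_MOVE_SELF)) ? " attr/remove" : "");
    }
}
```

inotify reports what happened to the file, not which process or user did it, and it works per file, so it does not address the open question of keying off individual database entries.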