Re: honeytokens in databases

[Felix Groebert <felix () groebert org>]

gvij2000 () yahoo com (2006-09-18, 15:14):
> hi
>   I would like some guidance in creating and deploying honeytokens.
>    
>   1.Coming up with honeytoken data that would interest hackers.

If you embed information about the collector into the honeytoken they
are even more effective. I.e. password = magic xor ipaddress. see [1]

>   2.How and where do I place the data so that I can monitor hackers.

Also depends on the target and the hacker; a general approach might be
that you put the credentials in a Apache httpd directory listing and
make sure google indexes it.

If you are targeting phishers or other large scale crackers with
automated credential-collecting tools [2] might interest you.

[1] http://koeln.ccc.de/schnucki/
[2] http://groebert.org/felix/pub/papers/TR_BiGaGr06Phoneypot_2.pdf

Cheers,
-- 
 Felix Groebert  <>  groebert.org/felix  <>  GPG key: 6B44113F