Hosting Provided By

Re: RES: Protocol Anomaly Detection IDS - Honeypots

From: <dreamwvr(at)dreamwvr.com>
Date: Fri Feb 21 2003 - 12:42:23 EST

On Fri, Feb 21, 2003 at 11:17:46AM -0000, Augusto Paes de Barros wrote:
> Lance's point can be expanded in very interesting views. Why use only
> honeypots "hosts" or "nets", when whe can use accounts, documents, info,
> etc? I was developing an idea that I call "honeytokens", to use on Windows
> networks. Basically, information that shouldn't be flowing over the network
> and, if you can detect it, something wrong is happening.

How would you implement that? Without being obvious?

Best Regards,
dreamwvr@dreamwvr.com

-- 
/*  Security is a work in progress - dreamwvr                 */
#                                                             
# Note: To begin Journey type man afterboot,man help,man hier[.]      
#                                                             
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]

-----------------------------------------------------------
Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure

Received on Fri Feb 21 12:47:39 2003

This message: [ Message body ]
Next message: Levinson, Karl: "RE: Web server response to attacks"
Previous message: Christian Kreibich: "Re: ids detect malicious encrypted data?"
In reply to: Augusto Paes de Barros: "RES: Protocol Anomaly Detection IDS - Honeypots"
In reply to Augusto Paes de Barros: "RE: RES: Protocol Anomaly Detection IDS - Honeypots"
Next in thread: Rob Shein: "RE: Protocol Anomaly Detection IDS - Honeypots"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:10 EDT