Hosting Provided By

Re: Honeytokens and Detection

From: Christian Kreibich <christian(at)whoop.org>
Date: Mon Jul 21 2003 - 07:17:27 EDT

On Sat, 2003-07-19 at 02:21, Stephen P. Berry wrote:
> -----BEGIN PGP SIGNED MESSAGE-----

[SNIP]
> Don't get me wrong---it's a very Good Thing that more and more security

I'd have to agree. In particular I think that the smarter admins out there have been using the concept for years without making a big deal out of it -- it just didn't have the spiffy name yet but was commonly called a "trap" :) For example, keeping unused accounts around to detect activity has been done for a long time.

Hell I think set up my first honeytoken in my first month at Uni -- I created ~/.private, put "passwords.txt" in there and tried to monitor accesses using a script that logged the access time in stat(1) output.

I agree that it's good to make the idea known under a catchy phrase but sorry Lance, every time you mention your tokens you're triggering my hype alert sensor :)

Cheers,
Christian.

-- 
________________________________________________________________________
                                                    
http://www.whoop.org


---------------------------------------------------------------------------
---------------------------------------------------------------------------

Received on Tue Jul 22 00:34:10 2003

This message: [ Message body ]
Next message: Christian Kreibich: "Re: Traffic Balancing on High-speed IDS"
Previous message: Will Schmied: "Windows Open source/Freeware security tools"
In reply to Stephen P. Berry: "Re: Honeytokens and Detection"
Next in thread: Ankit Fadia: "Re: Honeytokens and Detection"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT

Do you need help?