Firewall Wizards mailing list archives
Re: Boobytraps
From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 25 Aug 2000 14:04:08 -0700 (PDT)
Sure. Replace ls with a version that alerts a remote machine. Have something watching for the machine to go into promiscuous mode. Have a dummy account that has easily cracked password that should never get a login. Leave some suid programs around that alarm. I'm not aware of any that you can go download. Problem is, you pretty much need to invent your own burglar alarms. If an attacker suspects they are there, most are easily bypassed. Since they are detection mechanisms rather than prevention mechanisms, you're stuck having to hide their existance. Ryan On Fri, 25 Aug 2000, Tony Miedaner wrote:
Hey Folks, Anyone got any suggestions on useful boobytraps to detect unauthorized access for Solaris boxes.
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Re: Boobytraps Ryan Russell (Aug 26)
- <Possible follow-ups>
- Re: Boobytraps Stephen P. Berry (Aug 26)
- RE: Boobytraps Smith, John (Aug 28)