Firewall Wizards mailing list archives

Re: DNS Names for external services


From: Dave Piscitello <dave () corecom com>
Date: Tue, 27 Apr 2010 09:49:15 -0400

If you are not up to running a Honeypot, run a "learning opportunity" server.

Let him sign in.

Put a README file on the server.  In the README say:

"IT uses this server to store malware and spyware, DO NOT INSTALL APPLICATIONS OR EXECUTABLE FILES YOU FIND HERE"

Create an executable that pops up a message

"DID YOU NOT READ THE README?
 WHY ON EARTH ARE YOU INSTALLING THINGS YOU KNOW NOTHING ABOUT?
 /headslap"

You can do this with ww.$yourcompany.com and wwww.$yourcompany.com, too, and you'll protect yourself from DNS response modification in the process.

Andre Lima wrote:

What happens when one of your legit users says "I wonder if we have an
FTP server?" and tries ftp.$YOURCOMPANY.com just to see if it answers?

Since it's a honeypot and not a production system, the legit user just won't be able to sign in and will give up at the very first attempt.

- Lima
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
