Honeypots mailing list archives
Re: Honeytokens and detection
From: Jeremy Bennett <jeremy_f_bennett () yahoo com>
Date: Thu, 3 Apr 2003 16:50:39 -0800 (PST)
In general you should not generate decoy/deception data from real data by filtering it through any reversible algorithm. Imagine if you added 1 to the 8th digit of all credit card numbers in your DB and then used those in your honeypot. Of course your honeypot gets hacked, the CC numbers get stolen and you feel you've learned a lot about the hacker. Then the algorithm you used (adding 1 to the 8th digit) is leaked. Now everyone with that 'bogus' CC DB can convert it back to a real DB. Better to use syntactically valid numbers that are not, and will never be, working. Remember, our attackers have access to the same web sites we do. The smart attacker is going to verify the numbers. -J --- Brian Hatch <honeypots () ifokr org> wrote:
What would be even better is if the IRS or some credit card companies could post or distribute such honeytoken numbers, so we within the security community are certain we are not implanting valid numbers.You can easily create bogus credit card numbers, since they use a check digit to be sure that it's valid. The first relevant page I found via google describes the check digit algorithms, and proper format (prefix/length) of the numbers for various credit card companies, so generating a number that looked good should be pretty easy. However the easiest is probably to just take a hundred credit card numbers that you already have stored, and add 1 to one of the middle digits at random. It's guarenteed to break the check digit algorithm, but other than that it looks fine, with no need to actually generate them. -- Brian Hatch "In five minutes we're Systems and going to take a nap." Security Engineer -- Bri http://www.ifokr.org/bri/ "No! Ten Minutes!" -- Reegen, age 21 months. Every message PGP signed
ATTACHMENT part 2 application/pgp-signature
Current thread:
- Honeytokens and detection Lance Spitzner (Apr 03)
- Re: Honeytokens and detection Bram Matthys (Syzop) (Apr 03)
- Re: Honeytokens and detection Brian Hatch (Apr 03)
- Re: Honeytokens and detection Jeremy Bennett (Apr 03)
- Re: Honeytokens and detection Brian Hatch (Apr 03)
- Re: Honeytokens and detection Jeremy Bennett (Apr 03)
- Re: Honeytokens and detection Bojan Zdrnja (Apr 03)
- RE: Honeytokens and detection Andrew Hintz (Drew) (Apr 04)
- <Possible follow-ups>
- RE: Honeytokens and detection Beau Monday (Apr 03)
- RE: Honeytokens and detection LAVELLE,MICHAEL (HP-PaloAlto,ex1) (Apr 04)
- RE: Honeytokens and detection Glenn_Everhart (Apr 04)
- Re: Honeytokens and detection george chamales (Apr 04)
- Re[2]: Honeytokens and detection Bojan Zdrnja (Apr 05)
- Re: Honeytokens and detection andre (Apr 05)
- Re: Honeytokens and detection george chamales (Apr 05)
- Re[2]: Honeytokens and detection Bojan Zdrnja (Apr 05)