Firewall Wizards mailing list archives

Re: Boobytraps

From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 25 Aug 2000 14:04:08 -0700 (PDT)

Sure.  Replace ls with a version that alerts a remote machine.  Have
something watching for the machine to go into promiscuous mode.  Have a
dummy account that has easily cracked password that should never get a
login.  Leave some suid programs around that alarm.  

I'm not aware of any that you can go download.  Problem is, you pretty
much need to invent your own burglar alarms.  If an attacker suspects they
are there, most are easily bypassed.  Since they are detection mechanisms
rather than prevention mechanisms, you're stuck having to hide their
existance.  

                                        Ryan

On Fri, 25 Aug 2000, Tony Miedaner wrote:

Hey Folks,

Anyone got any suggestions on useful boobytraps to detect unauthorized
access for Solaris boxes.



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

Re: Boobytraps Ryan Russell (Aug 26)
- <Possible follow-ups>
- Re: Boobytraps Stephen P. Berry (Aug 26)
- RE: Boobytraps Smith, John (Aug 28)