IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RES: Protocol Anomaly Detection IDS - Honeypots

From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Fri, 21 Feb 2003 10:42:23 -0700
On Fri, Feb 21, 2003 at 11:17:46AM -0000, Augusto Paes de Barros wrote:

Lance's point can be expanded in very interesting views. Why use only
honeypots "hosts" or "nets", when whe can use accounts, documents, info,
etc? I was developing an idea that I call "honeytokens", to use on Windows
networks. Basically, information that shouldn't be flowing over the network
and, if you can detect it, something wrong is happening.


How would you implement that? Without being obvious? 

Best Regards,
dreamwvr () dreamwvr com

-- 
/*  Security is a work in progress - dreamwvr                 */
#                                                             
# Note: To begin Journey type man afterboot,man help,man hier[.]      
#                                                             
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]

-----------------------------------------------------------
Does your IDS have Intelligent Attack Profiling?
If not, see what you're missing.
Download a free 15-day trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure
Previous By Date Next
Previous By Thread Next

Current thread: