Honeypots mailing list archives
RE: Honeytokens and detection
From: "Andrew Hintz (Drew)" <drew () overt org>
Date: Fri, 4 Apr 2003 10:04:03 -0600
I'm fairly certain that I heard some CC companies do this already. IIRC, they add fake numbers to various databases and if a purchase is attempted against one of those honeytoken CCs, then they know someone's being evil. I'll try to hunt down the source of this info.

I think a large benefit of this at the network level is ensuring encryption policies. Hopefully your institution has a policy stating that CCs can only be accessed over an encrypted channel. A NIDS could then be used to look for unencrypted honeytoken CCs floating around on the wire. It would be able to catch things such as benevolent admins making backups of sensitive DBs over unencrypted channels.

Lance Spitzner wrote:
For example, create bogus social security numbers and store them in your SSN database. If the honeytoken SSN's hit your network, someone may have just grabbed your database. For a CC database, insert honeytoken CC's and monitor for those to hit your wire. Once again, if you see someone retrieving these numbers, someone is most likely being naughty.
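
The wire-level check discussed in this message, as an added example that is not part of the original post or of any tool named in the thread: a per-flow scanner that flags planted card numbers in cleartext payloads, including numbers written with spaces or dashes and numbers split across two segments. The token values are constructed test numbers, and the database labels, flow names and class name are hypothetical.

```python
import re
from collections import defaultdict

# Constructed honeytoken card numbers (well-known test values, not real accounts),
# mapped to a hypothetical label for the database each was planted in.
HONEYTOKENS = {
    b"4111111111111111": "crm.customers",
    b"5555555555554444": "billing.archive",
}


class HoneytokenScanner:
    """Flags planted card numbers seen in cleartext payloads, per flow."""

    def __init__(self, tokens=HONEYTOKENS):
        self.tokens = tokens
        # Allow one space or dash between digits, as dumps and forms often format cards.
        alts = [rb"[ -]?".join(t[i:i + 1] for i in range(len(t))) for t in tokens]
        self.pattern = re.compile(rb"(?<!\d)(?:" + b"|".join(alts) + rb")(?!\d)")
        # Bytes carried over per flow so a number split across two segments still matches.
        self.tail_len = 2 * max(len(t) for t in tokens)
        self.tails = defaultdict(bytes)

    def scan(self, flow, payload):
        """Return [(flow, token, planted_in)] for tokens completed by this payload."""
        prev = self.tails[flow]
        data = prev + payload
        alerts = []
        for m in self.pattern.finditer(data):
            if m.end() <= len(prev):
                continue  # lies wholly in carried-over bytes, already reported
            digits = re.sub(rb"[ -]", b"", m.group())
            alerts.append((flow, digits.decode(), self.tokens[digits]))
        self.tails[flow] = data[-self.tail_len:]
        return alerts


def demo():
    # Constructed cleartext segments: a form post split mid-number, then a SQL dump line.
    s = HoneytokenScanner()
    hits = s.scan("10.0.0.5:4312->10.0.0.9:80", b"name=bob&card=4111-1111-")
    hits += s.scan("10.0.0.5:4312->10.0.0.9:80", b"1111-1111&exp=0405")
    hits += s.scan("10.0.0.7:2201->10.0.0.9:3306", b"(17,'5555 5555 5555 4444','x')")
    return hits


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

An alert here means a planted number crossed the monitored link unencrypted; the label in the alert says which database it came from.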