
IDS: Honey pots & increasing the odds


Steve Coleman (Steve.Colemanjhuapl.edu)
Fri, 27 Aug 1999 10:10:25 -0400


Hi,

Knowing that honey pots don't advertise and most organizations don't have a class C address space to waste on a virtual network, has anybody tried using NAT to redirect all the *unused* addresses in their space to a single honey pot living in a DMZ? Would this work? It seems to me that if someone were scanning your domain looking for a good place to set foot in it they would be more likely to try the honey pot. Some random differences could be introduced by blocking random ports on various instances of the same honey pot so that they don't all look too much alike. If the NAT and real addresses were interleaved throughout the address range it might be more likely to detect some obscure coordinated and/or moderated scans etc. Statistically it would be much more likely for a hacker to ring a few bells and get your attention before he even starts his attack. Comments?

-- 
Steve Coleman     <Steve.Colemanjhuapl.edu>   http://www.jhuapl.edu/
<<--------->> Johns Hopkins Applied Physics Laboratory <<---------->>
Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
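
The odds argument in the message above, worked through as an added example that is not part of the original post: it lists the unused addresses that would be NATed to the honey pot, gives each a stable per-address port subset, computes the chance that a scan touches a decoy, and flags sources in a probe log that did. The address ranges, the 40 interleaved real hosts, the block ratio and the alert threshold are all constructed assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict
from math import comb

def decoy_addresses(network, in_use):
    """Host addresses with no real machine; these are the ones NATed to the honey pot."""
    used = {ipaddress.ip_address(a) for a in in_use}
    return [h for h in ipaddress.ip_network(network).hosts() if h not in used]

def open_ports(decoy, ports, block_ratio=0.3):
    """Stable per-address port subset so the decoys do not all look alike."""
    keep = []
    for p in ports:
        digest = hashlib.sha256(f"{decoy}:{p}".encode()).digest()
        if digest[0] / 256 >= block_ratio:  # block roughly block_ratio of ports
            keep.append(p)
    return keep

def p_hit(total, decoys, probes):
    """P(at least one decoy among `probes` distinct, randomly chosen addresses)."""
    real = total - decoys
    if probes > real:
        return 1.0  # more probes than real hosts: a decoy must be touched
    return 1 - comb(real, probes) / comb(total, probes)

def sources_touching_decoys(events, decoys, min_decoys=2):
    """Map source -> decoys probed, for sources that touched >= min_decoys of them."""
    decoy_set = set(decoys)
    seen = defaultdict(set)
    for src, dst in events:
        dst = ipaddress.ip_address(dst)
        if dst in decoy_set:
            seen[src].add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_decoys}

# Constructed sample: a /24 with 40 real hosts interleaved on every 6th address.
NETWORK = "192.0.2.0/24"
IN_USE = [f"192.0.2.{i}" for i in range(1, 241, 6)]
DECOYS = decoy_addresses(NETWORK, IN_USE)
EVENTS = [("198.51.100.7", "192.0.2.1"), ("198.51.100.7", "192.0.2.2"),
          ("198.51.100.7", "192.0.2.3"), ("203.0.113.9", "192.0.2.7")]

if __name__ == "__main__":
    print(len(DECOYS), "decoy addresses")
    for k in (1, 3, 10):
        print(k, "probes ->", round(p_hit(254, len(DECOYS), k), 4))
    print(sources_touching_decoys(EVENTS, DECOYS))
```

The probability assumes the scanner picks distinct addresses uniformly at random; a sequential sweep of an interleaved range reaches a decoy at least as quickly.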



This archive was generated by hypermail 2.0b3 on Fri Aug 27 1999 - 21:38:49 CDT