From: H C (keydet89yahoo.com)
Date: Mon Oct 01 2001 - 15:32:32 CDT

    Brett,

    Any information that you hope to get from this
    "honeypot" Guest account is going to be skewed. You
    see, any attacker worth generating a report on is
    going to first do what she can to determine the status
    of the Administrator account. This is relatively
    simple to do via null session enumeration, for
    example. Further, the attacker will be able to see
    the SID of the account, and will know that the account
    named "Administrator" isn't the account she wants to
    target.

    Of course, if you choose to block off all means of
    null session enumeration or logging in remotely, you
    then obviate the need for a "honeypot" Guest account
    altogether.

    --- Brett Harmond <brett_harmondyahoo.com> wrote:
    > Windows NT Server
    >
    > Since I can't delete the Guest account, I would like
    > to use the Guest account as a "honeypot" Administrator
    > account. Thus, I have already renamed my
    > Administrator account to something else and I will be
    > renaming my Guest account to "Administrator".
    > Idealistically, I'd like this account to be disabled,
    > have a really good password, and essentially no
    > rights. If the account is disabled, can anyone trying
    > to break into the system detect that the account is
    > disabled and thus immediately detect that this is not
    > the real Administrator account? In general, without
    > logging into a system, what information about user
    > accounts can be determined? Are there any tools out
    > there to query account information from outside the
    > system?
    >
    > Thanks in advance.

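Added example, not part of the original messages: the reply's point about the SID can be checked by an administrator against their own account list. Built-in accounts keep their well-known relative identifiers (500 for Administrator, 501 for Guest) when renamed; the function names, account names and SIDs below are constructed for illustration.

```python
import re

# Well-known relative identifiers (RIDs) of built-in local accounts.
# Renaming an account changes its name, never its RID.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

def parse_sid(sid):
    """Split a SID string into (identifier authority, [sub-authorities])."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a valid SID string: {sid!r}")
    subs = [int(x) for x in m.group(2).lstrip("-").split("-")]
    return int(m.group(1)), subs

def true_role(sid):
    """Return the built-in role implied by the SID, or None for ordinary accounts."""
    authority, subs = parse_sid(sid)
    # Machine/domain account SIDs: S-1-5-21-<three sub-authorities>-<RID>
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        return WELL_KNOWN_RIDS.get(subs[-1])
    return None

def audit_accounts(accounts):
    """Report accounts whose name and SID tell different stories."""
    findings = []
    for name, sid in accounts:
        role = true_role(sid)
        is_admin_name = name.lower() == "administrator"
        if is_admin_name and role != "built-in Administrator":
            what = role or "an ordinary account"
            findings.append((name, f"decoy is identifiable: SID marks it as {what}"))
        elif role == "built-in Administrator" and not is_admin_name:
            findings.append((name, "rename does not hide it: RID 500 is the real Administrator"))
    return findings

# Constructed sample data: the setup described in the quoted question.
MACHINE = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = [
    ("Administrator", MACHINE + "-501"),   # renamed Guest used as decoy
    ("svc_backup2", MACHINE + "-500"),     # renamed real Administrator
    ("jsmith", MACHINE + "-1001"),         # ordinary user
]

if __name__ == "__main__":
    for name, finding in audit_accounts(SAMPLE):
        print(f"{name}: {finding}")
```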