A new way to catch hackers

  1. #1
    Senior Member
    Join Date
    Nov 2002
    Posts
    382

    A new way to catch hackers

    The honeypot principle is reaching the application level. The basic idea is that someone who reads "honeytoken" information that should never have been read (because it is fake and useless) is detected as a hacker...

    Honeytokens are pieces of seemingly enticing information that have no useful value. Embedded in ways so that no innocent person should accidentally stumble upon them, honeytokens trigger alarms when viewed, grabbed or downloaded. For example, a bank could insert a fake credit card number into its files and then set up a program called a "sniffer" on the network that would send out an alarm if anyone touched that particular number.
    Full article here
    [shadow] SHARING KNOWLEDGE[/shadow]

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I remember that thread in BugTraq. Some of the points brought up were about the potential of using data that could be related to a real person, such as a SIN or credit card info. Part of it, I think, was the ethical potential. And if the data didn't look legit, the attacker is less likely to take it. So what do you put up then for the honeytoken?

    There seems to be a point missing from the article (unless I missed it): the honeytokens would be in a database. They mention a file, but database access would be more likely to have personal data like SINs and CCs in it. I think it's a nice additional layer to an admin's whole security system, especially for ISPs, financials, HRs, etc.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Such a principle could be coupled with heuristic/statistic studies.
    One example: in a banking database, 30% of the accounts could be faked. A hacker (a black hat presumably) penetrating such a database will surely not restrict his access to one entry of the base. Statistically, by scanning 4 entries, he will be detected for sure.
    The data memory counterpart is not a big issue.

    Another example: at school, the database containing exam results could be faked for each entry. 1 student has 2 entries in the database: one fake, which launches the alarm, and the other true, to which access has to be gained through authentication.
    I think that the idea is just bright because it is undetectable remotely. I think that a hacker will have to social engineer the database as the only solution to protect himself.
    [shadow] SHARING KNOWLEDGE[/shadow]

  4. #4
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    Yes, it would seem that there would need to be a boolean field to differentiate between real and trapped records. I'm sure a solution to this would be simple, but in its most basic form, all an attacker would need to find out is the value that means 'trapped' and arrange his queries appropriately, thus rendering the honeypot useless.
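
An added example, not part of any post in this thread: one way to avoid the flag column discussed in post #4 is to derive "trapped" status from a keyed hash that only the monitor can compute, and to work out the detection odds for the 30% decoy ratio from post #3. The key, table layout and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumption: this key is held by the monitoring host only, never stored in the database.
MONITOR_KEY = b"constructed-demo-key"
DECOY_RATE = 0.30  # share of decoy rows, the 30% figure used in post #3


def is_decoy(account_id, key=MONITOR_KEY, rate=DECOY_RATE):
    """Derive decoy status from a keyed hash of the id, so no column records it."""
    digest = hmac.new(key, str(account_id).encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") / 2**64 < rate


def build_table(n):
    """Constructed sample data. Real accounts would only be issued ids where
    is_decoy() is False; the remaining ids are filled with plausible fake rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(i, f"owner-{i}", 1000 + 37 * i % 9000) for i in range(1, n + 1)])
    return db


def monitored_query(db, sql, params=()):
    """Run a read and return (rows, decoy ids touched). A non-empty second value
    is the alarm. Assumes the id is the first selected column."""
    rows = db.execute(sql, params).fetchall()
    return rows, [r[0] for r in rows if is_decoy(r[0])]


def detection_probability(rate, rows_read):
    """Chance that at least one of rows_read independently chosen rows is a decoy."""
    return 1 - (1 - rate) ** rows_read


if __name__ == "__main__":
    db = build_table(1000)
    _, alarm = monitored_query(db, "SELECT * FROM accounts WHERE id <= ?", (20,))
    print("decoy ids touched by a 20-row dump:", alarm)
    print("P(detect) after 4 rows at 30%%: %.4f" % detection_probability(DECOY_RATE, 4))
```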

  5. #5
    Junior Member
    Join Date
    Dec 2001
    Posts
    12
    the best way is still cheese, hackers can't resist it.

  6. #6
    Member
    Join Date
    Mar 2003
    Posts
    49
    cheese? what are you on man? share, damn.

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Posts
    193
    Pure California cheese comes from the happy cows; happy cows come from California.
