I could be reading this wrong, but I think Symantec is coming out (or has come out with) a honeypot prog for your network.
Check it out.
Symantec Decoy Server
http://enterprisesecurity.symantec.c...?ProductID=157
I noticed that many vendors of various appliances/software are doing their own version of a pseudo-IDS type of system. Even web filtering vendors like Websense added to the v.5 line of their product to "trap" unqualified web activity, etc... Didn't Symantec recently buy a security firm also dealing with IDSes?
-w0rm3y
Seems to be something like that... didn't find any honeypot yet (I think :Q)
But who will buy this? Only big firms that have well-configured systems and servers, just to be sure everything is OK...
Unless SickyourIT and I are both reading this wrong ;), I would say that this is the definition of a honeypot. It lures in attacks and allows you to monitor the attacker's activity while they are in a confined environment. I don't know if I'd buy it, but I would say that "Decoy Server" is just Symantec's way of marketing a honeypot. Nice link, SickyourIT...
Quote:
Originally posted here by CraZy_AhmaD
Seems to be something like that... didn't find any honeypot yet (I think :Q)
But who will buy this? Only big firms that have well-configured systems and servers, just to be sure everything is OK...
I've heard about it, but I think Symantec may have bought it, or the company who developed it, and called it its own. It's called ManTrap, runs on Solaris systems and is incredibly pricey. Lance Spitzner talks about it in his "Honeypots: Tracking Hackers" book, an entire chapter actually, but makes no reference to it being owned by Symantec.
If it's the same one I'm thinking of, it runs on Solaris and creates "cages" which are basically images of fully functional OSes, allowing the attacker to interact with them like a normal OS. Only difference is that "he's" being watched. I also hear, through the grapevine, that it's insanely expensive, upwards of $24,000 (US), for the version that allows the maximum of four cages. Fewer cages cost less, but still in the thousands of (US) dollars.
It's some cool stuff though. A group using it was able to discover a previously unknown dtspcd vulnerability in Solaris systems using ManTrap.
Here is an idea. Why buy a program to use as a honeypot? Why not just make a "real" one?
What happened to that idea? Now we gotta have a damn program for everything. I do realize that a lot of these programs are really good. But they all have one flaw. They are all the same. When an exploit is found to actually gain arbitrary information about a Symantec honeypot, or how to fingerprint it, how to hack it, however you wanna exploit it, you're screwed. Just like the other five hundred thousand people that bought it. Till they patch it of course. Let's be realistic for a second. People who are looking for mischief are only as honest as their options. If I can't deface that page the first two or three tries, I try something else. Your big iron takes the sorry trojan scan, the IDS kicks in and you know who they are there before they figure out what they are trying to root.
2 cents
Symantec just renamed ManTrap to Decoy Server. They bought ManTrap and ManHunt from Recourse Technologies last year. (The Symantec website makes a reference to the name change.) I heard about it on some web conference (SANS?). Will have to try it.
Symantec Decoy Server*
*(Formerly Symantec ManTrap)