In follow-up to the thread on remote OS detection, has anyone successfully deployed any type of OS "deception" or "honeypot" technology? I have been working with the Deception ToolKit and looking at the "decoy services" provided by the ISS RealSecure product, but I am interested in hearing about other people's experiences in deploying this technology.

I think the most value could be gained in two areas:

1. Internal deployment of deception technology to provide "vulnerable" services and tracking internal attackers attempting to exploit exploit-rich internal hosts.

2. External deployment (DMZ) of deception technology to provide demographics as to the scope and depth of external attacks. This could be a useful tool to justify additional security resources.

I have not seen much discussion on this technology, outside of the discussions on OS type obfuscation, and I would be interested in hearing about experiences with vulnerable service deception.

In the case of vulnerable OS deception, does the open source model really work? How quickly will a version of nmap or Satan be built to identify deception hosts if the source is public?

--
Robert Wick
bwickat_private
------------------------------------------------------------
* http://www.bombdiggity.com/ *
Yeah, baby, YEAH!

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:02 PDT