Actually, the next generation. Typically, honey pots are static and use
techniques that are readily identifiable with a binary signature run, or a
process load test. ManTrap uses a live dynamically changing environment
model. In other words, when the hacker peels the onion - he/she will find a
live environment, e.g., if to be a proposed email server - fictitious, or real
names are in email accounts - sending and receiving email - as would be
expected - why? The hacker feels comfortable that he has met his/her objective
and may be inclined to stay a little while and educate you on your server
vulnerabilities.
Chao!
"Crumrine, Gary L" wrote:
> ala honey pot?
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 10, 2000 11:46 AM
> > To: Eddy Kalem
> > Cc: '[EMAIL PROTECTED]'
> > Subject: Re: FW: Redirecting closed port connections
> >
> > Eddy,
> >
> > Rather than redirect to a reporting agency, there is an inexpensive
> > solution out there (approx. 3K+) that will do just what you ask. ManTrap
> > (by Recourse Technologies) works with your existing firewall and any
> > violations to your security policy that you wish to be investigated will
> > be redirected to a prototype environment (hopefully one that mimics your
> > real site - only difference is the infrastructure behind the site is a
> > dynamic model to appease the hacker). Meanwhile, every keystroke he makes
> > and the source of his origin is being recorded and derived respectively.
> >
> > Just a thought...
> >
> > Eddy Kalem wrote:
> >
> > > > Does anyone know if there's a host or an organization I can redirect
> > > > non-permitted port connections to? For example, say someone's trying to
> > > > exploit port 1080 at my firewall--which I'm currently blocking at my
> > > > firewall--and let's say instead of blocking the address, I redirect it,
> > > > keeping the originating IP address, to the G men's web server or some
> > > > other organization that logs this type of activity. Is there such a site?
> > >
> > > Eddy Kalem
> > > Phyve, formerly Digital Medical Systems
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> >