Re: [fw-wiz] DNS Names for external services



If you are not up to running a Honeypot, run a "learning opportunity" server.

Let him sign in.

Put a README file on the server. In the README say

"IT uses this server to store malware and spyware, DO NOT INSTALL APPLICATIONS OR EXECUTABLE FILES YOU FIND HERE"

Create an executable that pops up a message

"DID YOU NOT READ THE README?
WHY ON EARTH ARE YOU INSTALLING THINGS YOU KNOW NOTHING ABOUT?
/headslap"

You can do this with ww.$yourcompany.com and wwww.$yourcompany.com, too, and you'll protect yourself from DNS response modification in the process.

Andre Lima wrote:

What happens when one of your legit users says "I wonder if we have an
FTP server?" and tries ftp.$YOURCOMPANY.com just to see if it answers?

Since it's a honeypot and not a production system, the legit user just won't be able to sign in and give up by the very first attempt.

- Lima
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@xxxxxxxxxxx
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards