Researchers camouflage haxxor traps with fake application traffic

Honeypots just got sweeter after researchers cooked up new digital bait designed to tempt hackers into revealing themselves by tapping into what are faked communications between an enterprise application and its users. The idea behind the new creation is to lure seasoned bad guys into honeypots and in doing so reveal their …

  1. Charles 9

    A Turing Test for Honeypots?

    So basically, creating a server that looks so much like a legit server that a hacker can't tell the difference between it and a real server?

    Why do I keep thinking the Turing Test for some reason?

    PS. I know it's not an exact analogue, but the basic idea is the same: a simulation of a real server that can't be distinguished from the real thing, only in this case used intentionally as bait. Sort of like creating a highly-convincing drug dealer persona for a police sting.

  2. Truth4u

    just sayin

    the effort they put into keeping an eye on honeypots could go to keeping an eye on real servers.

    1. Charles 9

      Re: just sayin

      Trouble with that idea is that intruders are like roaches and mice. They can usually slip under your notice until it's too late, staying under the radar and in the places no one bothers to look because bothering to look everywhere takes too much time and money and they'll just slip in after you leave. That's why we use roach bait and mouse traps...and honeypots in this case. If you can't find them, make them come to you.

      1. Pascal Monett Silver badge

        Except that, in this case, the roaches can read up on the trap procedures, since the documentation is online.

        Does that defeat the purpose?

        1. Charles 9

          No, because this is more along the lines of cameras with no blind spots or "Police officers may be posing as employees." The traps are getting to the point that an outsider is hard pressed to tell if it's a trap or not until you're beyond the point of no return, as with a bomb that's impossible to defuse (and it IS entirely possible to make a bomb with a one-way arming mechanism--think sacrificial braces or glass bulbs). Just because you know the trap's there doesn't mean there's much you can do about it.

    2. Michael Wojcik Silver badge

      Re: just sayin

      the effort they put into keeping an eye on honeypots could go to keeping an eye on real servers

      Sure. And the effort a driver puts into operating a car could be used to walk instead. That doesn't always mean it's the better option.

  3. graeme leggett Silver badge

    Historically sound practices

    Same principles as the invention of the 1st US Army Group and British Fourth Army in the lead up to the Normandy landings. For the deception to be convincing, it not only has to look right but also behave right. The Allied preparations included some fake installations and camps but a lot of authentic looking signal traffic.

    Perhaps they could also make the systems browse the internet during lunch hours.

    Anyone invented a honeypot that is actually a Q-ship?

    1. Fred Flintstone Gold badge

      Re: Historically sound practices

      I've been arguing for years that deception should be a standard part of network defence techniques, possibly with added tarpits on unused ports so a port scanner either drains its resources or is left with the high cost of maintaining a modified IP stack that times out quicker (which creates its own problems).

      The problem is, however, that deception should mimic local conditions or it'll become easy to detect and ignore, so it takes skills to set it all up. Given that deception has an as yet undefined ROI I guess it may be a harder sell to the bean counters, but corporate lawyers help with estimated costs and impact of a breach.

      Excellent research IMHO.

      1. Fatman

        Re: Historically sound practices

        Given that deception has an as yet undefined ROI I guess it may be a harder sell to the bean counters, but corporate lawyers help with estimated costs and impact of a breach.

        That is the crux of the problem - the damned bean counters. Typical of manglement, they can't comprehend the value of misdirection and deception. Their little minds do not have the computing capacity.

        I have always wondered how much 'trouble' you might get 'in to' if you set up a honeypot and used sufficient bait, that when opened or executed on a hacker's machine would poison it. Think of handing your friendly hacker a cyanide pill for his computer. Would you get into 'trouble' if you left something that tempting just lying out there in a folder with a 'juicy name' (like patent registrations, "legal" strategies, etc)?

        1. DNTP

          Re: Historically sound practices

          Well obviously you'd get written up by either the auditors or the inspectors from your certification authority that you were exposing sensitive information on your network, simply because they wouldn't have anything in their inspection manual that describes what a "honeypot" is, nor allow any kind of "but it is FALSE sensitive information" mitigation. The whole concept is too creative for that type.

          Or, possibly, a slightly more technical but equally stupid auditor would attempt to connect to the machine and copy the "patents and patients" folder, and end up swallowing the poison pill himself… it's probably better not to serve out poison, but simply document as much information on an attacker as possible and then let slip the legal beagles of war.
