[47811] in North American Network Operators' Group


Re: Arbor Networks DoS defense product

daemon@ATHENA.MIT.EDU (Dan Hollis)
Wed May 15 16:55:15 2002

Date: Wed, 15 May 2002 13:54:40 -0700 (PDT)
From: Dan Hollis <goemon@anime.net>
To: Rob Thomas <robt@cymru.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <ROTMAILER.0205151538090.17216-100000@dragon.sauron.net>
Message-ID: <Pine.LNX.4.44.0205151347020.31318-100000@sasami.anime.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 15 May 2002, Rob Thomas wrote:
> ] It could be very useful as deterrence to know their criteria.
> For the low fee of a cool t-shirt or a bit of gear for my lab I'd be
> happy to spread rumours about the mad fast honeypot residing within
> your prefixes.  :)

disinformation as a means to raise the level of uncertainty for the 
attacker, it's a classic military tactic. what other military tactics can
be used to make life more dangerous for attackers?

i've been tossing around an idea for a "land mine network". randomly 
distributed honeypots around the internet. when X landmines are hit from 
the same source, that source gets entered into a BGP blackhole feed which 
anyone can subscribe to. put landmines in popularly targeted networks, 
maybe even make them randomly move about. there are all sorts of wonderful 
tactics that could be put to use.

scanning would quickly become self defeating as attackers would only 
manage to cut themselves off from the net.

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]
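
Added example, not part of the original message and not the author's code: a sketch of the thresholding step behind the "land mine network" idea above, where a source is listed once it has hit X distinct landmines. The event format, the handshake flag (used to skip hits whose source address could be forged), the allowlist, the time window and the listing expiry are assumptions introduced here; the message specifies only the "X landmines from the same source" rule.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events: (unix_time, source_ip, landmine_id, handshake_completed)
EVENTS = [
    (1000, "198.51.100.7", "mine-a", True),
    (1010, "198.51.100.7", "mine-a", True),   # same landmine again: not a new hit
    (1020, "198.51.100.7", "mine-b", True),
    (1030, "198.51.100.7", "mine-c", True),   # third distinct landmine: listed
    (1040, "203.0.113.9", "mine-a", False),   # no handshake: source may be forged
    (1050, "203.0.113.9", "mine-b", False),
    (1060, "203.0.113.9", "mine-c", False),
    (1000, "192.0.2.53", "mine-a", True),
    (1100, "192.0.2.53", "mine-b", True),
    (1200, "192.0.2.53", "mine-c", True),     # allowlisted in the test below
    (1000, "198.51.100.80", "mine-a", True),
    (9000, "198.51.100.80", "mine-b", True),
    (9100, "198.51.100.80", "mine-c", True),  # first hit has aged out of the window
]

def blackhole_candidates(events, threshold=3, window=3600, allowlist=(), ttl=86400):
    """Return {source_ip: expiry_time} for sources that hit `threshold` distinct
    landmines within `window` seconds. Hits without a completed handshake and
    hits from allowlisted networks are ignored (both are assumptions added here)."""
    nets = [ip_network(n) for n in allowlist]
    hits = defaultdict(dict)   # source -> {landmine_id: time of latest hit}
    listed = {}
    for ts, src, mine, verified in sorted(events):
        if not verified:
            continue           # a forged source must not get a third party listed
        if any(ip_address(src) in n for n in nets):
            continue
        seen = hits[src]
        seen[mine] = ts
        # Forget landmines whose latest hit is older than the window.
        for old in [m for m, t in seen.items() if ts - t > window]:
            del seen[old]
        if len(seen) >= threshold:
            listed[src] = ts + ttl   # entry expires unless the source trips again
    return listed
```

The returned addresses are candidates only; how they are announced to subscribers of the feed is outside this sketch.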

