[Dshield] file sharing honeyfile idea

Johannes Ullrich jullrich at sans.org
Thu Aug 8 20:25:33 GMT 2002

Thanks for all the offers of help and to write a program!
Too many to respond to everyone ;-). But I think it is ok
to have a couple of them. To test different ideas about
what people click on and such.

Here the basic rules:

DO NO HARM... the program should do nothing but:
1) display disclaimer
2) access URL
3) exit, or display an exit message.

do not write or read from disk (aside from whats required to
run this program).

Social engineering is ok. But the initial disclaimer has to
state that the IP address will be recorded if you click 'ok'.

The program should 'register' at the following URL:


The two parameters are optional, but should be used in the
following way:

id: a random number specific to the system to avoid double counting.
n: a short name/id for your program.

If you want to write a program to participate, send me an
email, attach the program and a short note telling me what
the program exactly does/displays and how you use the two

Please include source. If you use a P2P system, feel free to
'inject' it yourself. I will post them to some usenet groups
and other applicable places.

This is very much a 'social engineering' experiment. How easy is
it to get people to click the ok button without carefully reading
what the program does.

jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20020808/effae2c9/attachment.bin

More information about the list mailing list