Valdis.Kletnieks at vt.edu
Fri Mar 10 16:31:15 GMT 2006
On Fri, 10 Mar 2006 09:13:20 EST, "Jon R. Kibler" said:
> Would it be ethical to do so? Legal?
IANAL, so hire a good one and ask their opinion. ;)
> 3) Have the shell script submit the bogus data (netcat, etc.) to the phish
> site one bogus identity at a time.
You need to make sure that the bogus identities come from enough different IP
addresses to not be obviously a data-stuffing attack. You'd almost need a whole
herd of slave machines scattered all over the place.. like a botnet. ;)
> A real dumb phisher may even try to use bogus data and that may be the
> trigger that gets them caught.
It's called a "honeytoken", and a fairly old concept - salting bank and hospital
records with "interesting" but bogus records (for famous politicians, movie
stars, etc) and seeing who pulls the record dates back to the '70s.
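
The honeytoken idea described above, as an added example that is not part of the original post: decoy records are seeded into a data set and an access log is scanned for anyone who pulls them. The record IDs, log format, user names and allowlist are all constructed assumptions for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed decoy record IDs seeded among real records (hypothetical values).
HONEYTOKENS = {
    "PAT-900017": "decoy patient record, celebrity name",
    "ACCT-770042": "decoy bank account, politician name",
}

# Constructed access-log sample: timestamp,user,action,record_id
SAMPLE_LOG = """\
2006-03-10T09:01:12,jsmith,read,PAT-100233
2006-03-10T09:03:40,mlee,read,PAT-900017
2006-03-10T09:04:02,jsmith,update,PAT-100233
2006-03-10T09:15:27,mlee,read,ACCT-770042
2006-03-10T09:20:00,svc_backup,read,PAT-900017
2006-03-10T09:21:10,akhan,read,ACCT-310998
"""

# Accounts expected to touch every record, such as backups (assumption).
ALLOWLIST = {"svc_backup"}


def find_honeytoken_hits(log_text, tokens=HONEYTOKENS, allowlist=ALLOWLIST):
    """Return {user: [(timestamp, record_id), ...]} for accesses to decoys."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines instead of crashing
        ts, user, _action, record_id = (field.strip() for field in row)
        # No legitimate workflow references a decoy, so any hit is a signal.
        if record_id in tokens and user not in allowlist:
            hits[user].append((ts, record_id))
    return dict(hits)


if __name__ == "__main__":
    for user, events in find_honeytoken_hits(SAMPLE_LOG).items():
        for ts, rid in events:
            print(f"ALERT {ts} {user} pulled decoy {rid} ({HONEYTOKENS[rid]})")
```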