|
|
|
|
|
|
by flas9sd
2895 days ago
|
|
|
can you elaborate on your canary system? I speculate you would need to setup your own DNS. For correlating subsequent inspection, you would need to do some allocation of honeypot addresses in a ip(v6?) prefix and capture that traffic. Logging requests to unique subdomains on a webserver you control would be another quickly built and limited mechanism. Embedding prepared urls in Email comes to my mind as another method of counter reconnaissance on the whole network delivery path. Though you would want to inform the legitimate recipient. Thanks for the ideas. |
|
|