10

Is there a name for a system that is designed to be hacked into?

(Alternatively, there may be a different name for a system that is designed to look like it is hacked in to, but is actually just emulating?)

And is there a name for an executable that looks interesting to a hacker (for example decryptor.executable next to temporary-backup.sql.encrypted) but is really/also designed to gather and transmit information about the user running it?

700 Software
  • 13,807
  • 3
  • 52
  • 82
  • Gather what type of information exactly? – Ramhound Dec 29 '11 at 19:11
  • That is not known. In fact, it is not certain that we will implement the data collector. If implemented, it could be as simple as telling us it was in fact executed, and maybe the OS of the machine (we would also find out if it was executed on a different IP then where it was downloaded), it could send much more (directory structures), or even ask for instructions (a door into the hacker's environment). I would like to know if there is a name for anything similar, that is specifically designed as a response to an unsuccessful, seemingly successful hack attempt. – 700 Software Dec 29 '11 at 19:20
  • You might be able to get the ip address because your web server knows which a file has been accessed. You are unlikely to be able to anything beyond that. What you want to know is not clear. An unsucessful hack attempt is just that unsucesful. If you have an open backdoor to your server, then its just that, a backdoor. I suggest you figure out WHAT you want to do and ask this question again. This is way to vague. – Ramhound Dec 29 '11 at 20:49
  • 3
    @Ramhound - It's a useful and widely-used anti-intrusion technique. Knowing what sort of attacks you may be subject to will help you protect against them. It may be a rather simple terminology question, but it's not a straightforward answer to search for. – pdubs Dec 29 '11 at 22:05
  • 3
    @Ramhound - honeypots are widely used to collect information, not necessarily of the attacker's address, which is likely to be spoofed anyway, but their methods and techniques, specific code used, how they are targeting you etc. A great source of information – Rory Alsop Dec 30 '11 at 11:13
  • 1
    "If implemented, it could be as simple as telling us it was in fact executed": if you just want to be able to know if a file was observed by an attacker, then one way to do this is to put an unencrypted bitcoin wallet with some small amount of bitcoin in it in the directory. Later, if anyone has transferred the bitcoin out of it, then you know someone has gotten access to the wallet. – Macil Mar 23 '17 at 18:41

1 Answers1

20

I believe the term you're looking for is "honeypot".

700 Software
  • 13,807
  • 3
  • 52
  • 82
pdubs
  • 1,103
  • 6
  • 12