The final M is for misery. The misery that you hope to inflict on anyone who intrudes on your network.
(and no, we can’t break their legs with a sledgehammer via the Internet.)
Yesterday, I mentioned that we would come back to fake files.
If someone has managed to get into your systems (or you’ve let them in through a honeypot), they are going to begin looking for valuable data. So why not give them some?
A common first step is to look for user login information. The attacker will download backups of the SAM (user database in Windows), try to get to the shadow file in a Linux environment, or grab the .htaccess file on a webserver. You might be able to plant fakes by changing the default file locations to a unique new location, then planting bad data where they would be expected. This only causes a little misery in wasted time and frustration at trying to use numerous bad user accounts.
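As an added example (not code from the original post), here is one way to build the planted data for a Linux shadow file. It goes one step beyond the text by also flagging any login attempt that uses a planted name, and it assumes OpenSSH-style auth log lines. The decoy account names and sample log lines are constructed for illustration.

```python
import re
import secrets

# Constructed decoy names; they must not match any real account on the host.
DECOYS = ("svc_backup", "dbadmin_old")
CRYPT_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _rand(n):
    return "".join(secrets.choice(CRYPT_B64) for _ in range(n))

def decoy_shadow_line(user, last_change_days=19000):
    """Shadow-format line with a random string shaped like a SHA-512 crypt
    hash ($6$salt$hash); it was not derived from any password."""
    fake_hash = f"$6${_rand(16)}${_rand(86)}"
    # name:hash:lastchg:min:max:warn:inactive:expire:reserved
    return f"{user}:{fake_hash}:{last_change_days}:0:99999:7:::"

def build_decoy_shadow(users=DECOYS):
    return "".join(decoy_shadow_line(u) + "\n" for u in users)

# OpenSSH auth-log messages that name the account being tried.
SSHD_USER = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?|Invalid user )"
    r"(\S+) from (\S+)"
)

def decoy_hits(log_lines, decoys=DECOYS):
    """Return (user, source) for every login attempt that used a decoy name."""
    hits = []
    for line in log_lines:
        m = SSHD_USER.search(line)
        if m and m.group(1) in decoys:
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "Mar  3 02:11:09 web1 sshd[4121]: Invalid user svc_backup from 203.0.113.7 port 40112",
    "Mar  3 02:11:15 web1 sshd[4125]: Failed password for invalid user dbadmin_old from 203.0.113.7 port 40120 ssh2",
    "Mar  3 02:12:01 web1 sshd[4130]: Failed password for alice from 198.51.100.20 port 51234 ssh2",
]

if __name__ == "__main__":
    print(build_decoy_shadow(), end="")
    for user, src in decoy_hits(SAMPLE_LOG):
        print(f"ALERT decoy account {user} tried from {src}")
```

Because no legitimate user has a reason to know a decoy name, a single hit is a high-confidence signal that the planted file was read.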
To cause a bit more misery we can set up some traps.
Depending on what you are enticing them to take, this could get into legal gray areas. However, some things should be perfectly fine.
This lovely little file clocks in at a tidy 42 bytes. But if someone were to expand the entire thing, they’d wipe out all of their hard disk space, as it grows to 4.5 petabytes.
It might be tempting to leave a virus or rootkit for the attacker to download, but as I said above, you may be breaking some laws if you do so.
Messing with trespassers on your network is a great way to dissuade them from coming back to your neck of the woods.