Deception Toolkit

Papers about Deception - all.net Home Page


The Deception Toolkit Home Page and Mailing List


DTK faq DTK Example DTK download V 1999-08-18 Intro Example Logs

New DTK GUI Exclusively available on White Glove

Our Mission:

Our mission is to discuss issues surrounding deception and the deception toolkit from the definition of what it is to how to do it and everywhere between.

Rules of Engagement

Rule 1: The mailing list is fully moderated and the moderator (fc at all.net) at his sole discretion and without recourse of any sort, reserves the right to edit entries, remove or ignore submissions, and comment on submissions.

Rule 2: No advertising is allowed other than paid advertising that supports the mailing list. This includes extensive signature lines, voluminous discussions of any individual product or service, or anything else that would tend to sell sell sell.

Rule 3: You can sign up or off the list in the same way as you make submissions to the list. Because we are fully moderated, it all goes to the same place anyway.

Rule 4: You will not be solicited, the list will not be sold, and so forth. This does not mean that people will not find out about your email address through postings to the list (unless you request that they be anonymous), but it means we won't sell or give away the information and there is no automatic way to get it.

Rule 5: Be polite and respectful or it won't be published - or worse yet - I may edit it to make it civil (there's something you don't want to have happen).


Press here to submit, sign-up, or remove

Back Issues:

19980313 - 19980315 - 19980316 - 19980318 - 19980831 - 19980904 - 19980927 - 19981014 - 19981031 - 19981107 - 19981120 - 19981210 - 19981211 - 19981212 - 19990101 - 19990102 - 19990106 - 19990123 - 19990307 - 19990326 - 19990405 - 19990409 - 19990410 - 19990412 - 19990414 - 19990420 - 19990603 - 19990615 - 19990627 - 19990720 - 19990724

Introduction and Basic Idea:

The Deception ToolKit (DTK) is a toolkit designed to give defenders a couple of orders of magnitude advantage over attackers.

The basic idea is not new. We use deception to counter attacks. In the case of DTK, the deception is intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. DTK's deception is programmable, but it is typically limited to producing output in response to attacker input in such a way as to simulate the behavior of a system which is vulnerable to the attackers method. This has a few interesting side effects:


See also Managing Network Security for related articles.

Thank you