From owner-freebsd-security  Wed Aug 12 05:38:18 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA22922
          for freebsd-security-outgoing; Wed, 12 Aug 1998 05:38:18 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns0.fast.net.uk (ns0.fast.net.uk [194.207.104.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA22904
          for <freebsd-security@FreeBSD.ORG>; Wed, 12 Aug 1998 05:38:13 -0700 (PDT)
          (envelope-from netadmin@fastnet.co.uk)
Received: from bofh.fast.net.uk (bofh.fast.net.uk [194.207.104.22])
	by ns0.fast.net.uk (8.9.0/8.8.7) with ESMTP id NAA11976;
	Wed, 12 Aug 1998 13:37:46 +0100 (BST)
Received: from localhost (localhost [127.0.0.1])
	by bofh.fast.net.uk (8.8.8/8.8.5) with SMTP id NAA06218;
	Wed, 12 Aug 1998 13:37:48 +0100 (BST)
Date: Wed, 12 Aug 1998 13:37:48 +0100 (BST)
From: Jay Tribick <netadmin@fastnet.co.uk>
X-Sender: netadmin@bofh.fast.net.uk
To: Luis Saiz <LSaiz@atos-ods.com>
cc: andrew@squiz.co.nz, Marius Bendiksen <Marius.Bendiksen@scancall.no>,
        freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
In-Reply-To: <35D188EB.A03975A4@atos-ods.com>
Message-ID: <Pine.BSF.3.96.980812133711.4811l-100000@bofh.fast.net.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


| > Fake network services are an interesting idea.  They're not going to be
| > viable for most users, but how many of these systems need to be scattered
| > around the net and monitored to provide an effective deterrent to scan
| > based attacks?  ....
| 
| That's the idea Cheswick exposes in the clasical "Firewalls and Internet Security,
| Repelling the Wily Hacker". He created a "jail" simulating a real system "on the
| fly" after discovering an attack.

An interesting idea, create a duplicate of your filesystem within a
subdirectory and chroot them into that directory. Would it be possible
to fool things like 'ps' that read /proc using this method?

Regards,

Jay Tribick
--
[| Network Administrator | FastNet International | http://fast.net.uk/ |]
[|        Finger netadmin@fastnet.co.uk for contact information        |]
[| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message