Message-Id: <4.3.2.20000625122615.00afbf00@207.227.119.2>
Date: Sun, 25 Jun 2000 12:48:17 -0500
To: Cy Schubert - ITSD Open Systems Group , Narvi
From: "Jeffrey J. Mountin"
Subject: Re: jail(8) Honeypots
Cc: security@FreeBSD.ORG
In-Reply-To: <200006251557.e5PFvLX65947@cwsys.cwsent.com>

At 08:56 AM 6/25/00 -0700, Cy Schubert - ITSD Open Systems Group wrote:
> > The thing is a booby-trap. It is somewhat similar to running a simulated
> > "buggy" application with the sole purpose of catching the would-be
> > attackers.
> >
> > I'm not sure if and how much it pays in the long run.
>
>I don't think it would hold up in court, as it would be entrapment. So
>what would the sense be in setting up a booby-trap?

How so?

Only if you are with a law enforcement agency would it be entrapment. At least in the US, but then there is a term similar to "enticement" (forget the legalese version), which may apply. Doubtful, but entirely possible that by attracting bears with a honeypot, which is surrounded by a fence, which the bear climbs, falls, and then has recourse to turn around and sue you for tempting it.

Regardless, I'm fairly certain that the authorities would be interested. Other than that it does have merit if it distracts script kiddies from trying for the real stuff, as well as alerting other providers of possibly hijacked accounts or AUP violations.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve