Date: Sun, 25 Jun 2000 12:30:46 -0600 From: Wes Peters <wes@softweyr.com> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Narvi <narvi@haldjas.folklore.ee>, Stephan Holtwisch <sh@rookie.org>, freebsd-security@FreeBSD.ORG Subject: Re: jail(8) Honeypots Message-ID: <39564FD6.4480470A@softweyr.com> References: <200006251557.e5PFvLX65947@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert - ITSD Open Systems Group wrote:
>
> In message <Pine.BSF.3.96.1000625103546.2206X-100000@haldjas.folklore.ee
> >, Narv
> i writes:
> >
> > On Sun, 25 Jun 2000, Stephan Holtwisch wrote:
> >
> > > Hello,
> > >
> >
> > [snip]
> >
> > > I do not know the jail implementation in FreeBSD too well.
> > > However, to me it seems a very bad idea to run _known_ vulnerable
> > > software within a jail, since that would mean the jail
> > > implemenation must not have bugs. You wouldn't run buggy
> > > software in a chrooted environment either, would you ?
> > > In addition to this i don't see a real sense to run a 'victim'
> > > Host as an IDS, where is the purpose of that ?
> > > It may be fun to watch people trying to mess up your system,
> > > but most likely you will just catch lots of script kiddies.
> > >
> >
> > The thing is a booby-trap. It is somewhat similar to running a simulated
> > "buggy" application with the sole puropse of catching the would-be
> > attackers.
> >
> > I'm not sure if and how much it pays in the long run.
>
> I don't think it would hold up in court, as it would be entrapment. So
> what would the sense be in setting up a booby-trap?
To watch the boobies squirm when they get caught, of course.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39564FD6.4480470A>