From owner-freebsd-security  Sun Jun 25 11:29:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33])
	by hub.freebsd.org (Postfix) with ESMTP id DA69B37BBBF
	for <freebsd-security@FreeBSD.ORG>; Sun, 25 Jun 2000 11:29:37 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustident!@homer.softweyr.com [204.68.178.39])
	by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id MAA19360;
	Sun, 25 Jun 2000 12:29:05 -0600 (MDT)
	(envelope-from wes@softweyr.com)
Message-ID: <39564FD6.4480470A@softweyr.com>
Date: Sun, 25 Jun 2000 12:30:46 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Narvi <narvi@haldjas.folklore.ee>,
	Stephan Holtwisch <sh@rookie.org>, freebsd-security@FreeBSD.ORG
Subject: Re: jail(8) Honeypots
References: <200006251557.e5PFvLX65947@cwsys.cwsent.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Cy Schubert - ITSD Open Systems Group wrote:
> 
> In message <Pine.BSF.3.96.1000625103546.2206X-100000@haldjas.folklore.ee
> >, Narv
> i writes:
> >
> > On Sun, 25 Jun 2000, Stephan Holtwisch wrote:
> >
> > > Hello,
> > >
> >
> > [snip]
> >
> > > I do not know the jail implementation in FreeBSD too well.
> > > However, to me it seems a very bad idea to run _known_ vulnerable
> > > software within a jail, since that would mean the jail
> > > implemenation must not have bugs. You wouldn't run buggy
> > > software in a chrooted environment either, would you ?
> > > In addition to this i don't see a real sense to run a 'victim'
> > > Host as an IDS, where is the purpose of that ?
> > > It may be fun to watch people trying to mess up your system,
> > > but most likely you will just catch lots of script kiddies.
> > >
> >
> > The thing is a booby-trap. It is somewhat similar to running a simulated
> > "buggy" application with the sole puropse of catching the would-be
> > attackers.
> >
> > I'm not sure if and how much it pays in the long run.
> 
> I don't think it would hold up in court, as it would be entrapment.  So
> what would the sense be in setting up a booby-trap?

To watch the boobies squirm when they get caught, of course.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message