From owner-freebsd-security Sun Jun 25 1:41: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121]) by hub.freebsd.org (Postfix) with ESMTP id 5DFB037B85F for ; Sun, 25 Jun 2000 01:40:56 -0700 (PDT) (envelope-from narvi@haldjas.folklore.ee) Received: from localhost (narvi@localhost) by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id KAA56413; Sun, 25 Jun 2000 10:40:51 +0200 (EET) (envelope-from narvi@haldjas.folklore.ee) Date: Sun, 25 Jun 2000 10:40:51 +0200 (EET) From: Narvi To: Stephan Holtwisch Cc: freebsd-security@FreeBSD.ORG Subject: Re: jail(8) Honeypots In-Reply-To: <20000625072049.A48985@rookie.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 25 Jun 2000, Stephan Holtwisch wrote: > Hello, > [snip] > I do not know the jail implementation in FreeBSD too well. > However, to me it seems a very bad idea to run _known_ vulnerable > software within a jail, since that would mean the jail > implemenation must not have bugs. You wouldn't run buggy > software in a chrooted environment either, would you ? > In addition to this i don't see a real sense to run a 'victim' > Host as an IDS, where is the purpose of that ? > It may be fun to watch people trying to mess up your system, > but most likely you will just catch lots of script kiddies. > The thing is a booby-trap. It is somewhat similar to running a simulated "buggy" application with the sole puropse of catching the would-be attackers. I'm not sure if and how much it pays in the long run. > Stephan > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message