Date: Sun, 25 Jun 2000 14:23:35 -0500
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: security@FreeBSD.ORG
Subject: Re: jail(8) Honeypots
Message-ID: <4.3.2.20000625134808.00d97530@207.227.119.2>
In-Reply-To: <13330.961956810@critter.freebsd.dk>
References: <Your message of "Sun, 25 Jun 2000 12:48:17 CDT." <4.3.2.20000625122615.00afbf00@207.227.119.2>

At 08:13 PM 6/25/00 +0200, Poul-Henning Kamp wrote:

>If you put a gold-bar on the sidewalk which activated a burglar alarm
>if touched, that would be illegal.

Inciting a riot for the mad rush upon seeing it and disturbing the peace for the <bleep> alarm. Not to mention the regulations pertaining to the ownership of large quantities of gold.

>If you put it inside your locked house it would be 100% legal, even
>if it could be seen through the window.

Just hope your insurance agent doesn't find out. ;)

>Setting up a honey-pot host is legal, as long as you don't try to
>invite people to break into it. Ie: don't call it
> nah-nah-you-can-t-hack-me.foo.com
>and don't tell anybody about it.

You can invite, but then must accept the loss of legal recourse to any and all who answer the call. Bad idea. Better that they stumble upon it.

Likewise it is, IMO, best not to brag about security. Even to customers one should be somewhat vague.

>Jails(8) are probably the currently safest way to do it, but not
>the most "authentic" looking way. Finding out that you're in a
>jail is trivial and I presume that it will become common knowledge
>for script-kiddies RSN.
>
>In other words: a high-fidelity honey pot should probably be a
>machine of its own behind a rather fascist firewall, but as a
>tripwire/indication a jail(8) based honeypot will do just fine.

Agreed, but some may wish to leave the door open just a tad more for the honeypot. Not too obvious.

Still there is the issue of triggering. What if they try for a "real" server? Better if any IDS were part of the firewall itself.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message