Date: Sat, 24 Jun 2000 23:32:52 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Stephan Holtwisch <sh@rookie.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: jail(8) Honeypots
Message-ID: <20000624233252.B181@dialin-client.earthlink.net>
In-Reply-To: <20000625072049.A48985@rookie.org>; from sh@rookie.org on Sun, Jun 25, 2000 at 07:20:49AM +0200
References: <20000624125540.A256@dialin-client.earthlink.net> <20000625072049.A48985@rookie.org>

On Sun, Jun 25, 2000 at 07:20:49AM +0200, Stephan Holtwisch wrote:
[snip]
> I do not know the jail implementation in FreeBSD too well.
> However, to me it seems a very bad idea to run _known_ vulnerable
> software within a jail, since that would mean the jail
> implementation must not have bugs.

AFAIK, there is no known method to get out of a FreeBSD jail. There
are always risks of exploits in any software.

> You wouldn't run buggy
> software in a chrooted environment either, would you ?

No, there are known ways for root to escape a chroot'ed environment.

> In addition to this I don't see a real sense to run a 'victim'
> Host as an IDS, where is the purpose of that ?
> It may be fun to watch people trying to mess up your system,
> but most likely you will just catch lots of script kiddies.

I would not run it naked on the Internet, but behind a firewall. You
can see if people are managing to circumvent your firewall, or more
likely, you might find people on your protected networks doing things
they should not be. Honeypots are not a new idea.
--
Crist J. Clark                           cjclark@alum.mit.edu