From owner-freebsd-security  Thu Sep 27 10:44: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f43.law3.hotmail.com [209.185.241.43])
	by hub.freebsd.org (Postfix) with ESMTP id 7610037B421
	for <security@FreeBSD.ORG>; Thu, 27 Sep 2001 10:43:49 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 27 Sep 2001 10:43:49 -0700
Received: from 170.253.240.1 by lw3fd.law3.hotmail.msn.com with HTTP;
	Thu, 27 Sep 2001 17:43:48 GMT
X-Originating-IP: [170.253.240.1]
From: "WebSec WebSec" <secure21st@hotmail.com>
To: fabre@matranet.com
Cc: will@physics.purdue.edu, security@FreeBSD.ORG
Subject: Re: LaBrea for BSD?
Date: Thu, 27 Sep 2001 17:43:48 +0000
Mime-Version: 1.0
Content-Type: text/html
Message-ID: <F43CHusMjQHtMFaukyC00002c7d@hotmail.com>
X-OriginalArrivalTime: 27 Sep 2001 17:43:49.0036 (UTC) FILETIME=[F6CE76C0:01C1477B]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<html><div style='background-color:'><DIV>
<DIV>
<DIV>
<P>Here is an idea, </P>
<P>How about &nbsp;LaBrea for BSD (installed on a DHCP Server) automatically takes all IPs and releases them as clients request those IPs?&nbsp;</P>
<P>Another idea is that LaBrea server installed on DHCP "informs" LaBrea clients which IPs to emulate....</P>
<P>&nbsp;</P>
<P>Serg Perfi&nbsp; - YDAP security consulting group</P>
<DIR>
<DIR>
<DIR><FONT face=Helv color=#000000 size=2>
<P>To: fabre@matranet.com</P>
<P>cc:<B> </B>will@physics.purdue.edu, security@FreeBSD.ORG </P></DIR></DIR>
<P>Date:<B> </B>09/27/2001 01:01 PM</P>
<DIR>
<DIR>
<P>From: owner-freebsd-security@FreeBSD.ORG</P>
<P>Subject: Re: LaBrea for BSD?</P>
<P>&nbsp;</P></DIR></DIR>
<P>At 09:05 AM 9/27/2001, Laurent Fabre wrote:</P>
<P>&gt;I thought about it yup but....</P>
<P>&gt;The fact is I need to capture something lower than IP, just because</P>
<P>&gt;we need to monitor ARP request in order to acquire new IP addresses.</P>
<P>Automatic acquisition of unused IPs is, IMHO, a bad idea. If you're</P>
<P>assigning addresses via DHCP, it just plain won't work; the honeypot</P>
<P>will acquire addresses that your DHCP server still thinks can be</P>
<P>assigned. And since every Windows client tries to ARP its own address</P>
<P>as it starts up (in an attempt to make sure it's not stepping on</P>
<P>someone else), a machine that has been turned off for the night</P>
<P>will refuse to get on the Net in the morning if its address has</P>
<P>been claimed.</P>
<P>I'd prefer to specify the addresses to watch, thank you....</P>
<P>--Brett</P>
<P>&nbsp;</P>
<P>To Unsubscribe: send mail to majordomo@FreeBSD.org</P>
<P>with "unsubscribe freebsd-security" in the body of the message</P></DIR></FONT><BR><BR><BR>The reasonable man adapts himself to the world; </DIV>the unreasonable one persists in trying to adapt 
<DIV></DIV>the world to himself. Therefore all progress 
<DIV></DIV>depends on the unreasonable man. 
<DIV></DIV>
<DIV></DIV>-- George Bernard Shaw 
<DIV></DIV></DIV></DIV></div><br clear=all><hr>Get your FREE download of MSN Explorer at <a href='http://go.msn.com/bql/hmtag_itl_EN.asp'>http://explorer.msn.com</a><br></html>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message