Message-Id: <200006251557.e5PFvLX65947@cwsys.cwsent.com>
From: Cy Schubert - ITSD Open Systems Group
To: Narvi
Cc: Stephan Holtwisch, freebsd-security@FreeBSD.ORG
Subject: Re: jail(8) Honeypots
In-reply-to: Your message of "Sun, 25 Jun 2000 10:40:51 +0200."
Date: Sun, 25 Jun 2000 08:56:25 -0700

In message , Narvi writes:
>
> On Sun, 25 Jun 2000, Stephan Holtwisch wrote:
>
> > Hello,
> >
> > [snip]
>
> > I do not know the jail implementation in FreeBSD too well.
> > However, to me it seems a very bad idea to run _known_ vulnerable
> > software within a jail, since that would mean the jail
> > implementation must not have bugs. You wouldn't run buggy
> > software in a chrooted environment either, would you?
> > In addition to this I don't see a real sense to run a 'victim'
> > host as an IDS, where is the purpose of that?
> > It may be fun to watch people trying to mess up your system,
> > but most likely you will just catch lots of script kiddies.
> >
>
> The thing is a booby-trap. It is somewhat similar to running a simulated
> "buggy" application with the sole purpose of catching the would-be
> attackers.
>
> I'm not sure if and how much it pays in the long run.

I don't think it would hold up in court, as it would be entrapment. So
what would the sense be in setting up a booby-trap?

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC