Date: Sun, 25 Jun 2000 13:24:47 -0400
From: "George Hartz" <georgeh@blowtorch.com>
To: "Cy Schubert - ITSD Open Systems Group" <Cy.Schubert@uumail.gov.bc.ca>, "Narvi" <narvi@haldjas.folklore.ee>
Cc: "Stephan Holtwisch" <sh@rookie.org>, <freebsd-security@FreeBSD.ORG>
Subject: Re: jail(8) Honeypots
Message-ID: <000c01bfdeca$42b791f0$0301a8c0@pentium>
References: <200006251557.e5PFvLX65947@cwsys.cwsent.com>

IANAL, but I'm fairly certain that is not entrapment. Entrapment entails a situation where someone causes, one way or another, an individual to do something they would not ordinarily have done in a similar situation, with the purpose of being able to prosecute them for that activity.

That's why law enforcement officers can conduct stings. In a simple example, a john can be arrested for solicitation of prostitution if he approaches the undercover officer and proposes the arrangement, but not if the interaction is prompted by the officer, because in the latter case you can't prove that it's an activity that the individual would have undertaken if not prompted.

It's not entrapment, in the case of setting up a fake buggy application to entice someone to attempt to break into your system because they didn't know it was fake, and were not coerced into finding or attempting the break-in as a result of your actions. Had the buggy software been a real installation, the individual in question would have still done that.

That's the case in the U.S. at least; that may be different in other parts of the world.

----- Original Message -----
From: "Cy Schubert - ITSD Open Systems Group" <Cy.Schubert@uumail.gov.bc.ca>
To: "Narvi" <narvi@haldjas.folklore.ee>
Cc: "Stephan Holtwisch" <sh@rookie.org>; <freebsd-security@FreeBSD.ORG>
Sent: Sunday, June 25, 2000 11:56 AM
Subject: Re: jail(8) Honeypots

> In message <Pine.BSF.3.96.1000625103546.2206X-100000@haldjas.folklore.ee>, Narvi writes:
> >
> > On Sun, 25 Jun 2000, Stephan Holtwisch wrote:
> >
> > > Hello,
> > >
> >
> > [snip]
> >
> > > I do not know the jail implementation in FreeBSD too well.
> > > However, to me it seems a very bad idea to run _known_ vulnerable
> > > software within a jail, since that would mean the jail
> > > implementation must not have bugs. You wouldn't run buggy
> > > software in a chrooted environment either, would you?
> > > In addition to this I don't see a real sense to run a 'victim'
> > > Host as an IDS, where is the purpose of that?
> > > It may be fun to watch people trying to mess up your system,
> > > but most likely you will just catch lots of script kiddies.
> > >
> >
> > The thing is a booby-trap. It is somewhat similar to running a simulated
> > "buggy" application with the sole purpose of catching the would-be
> > attackers.
> >
> > I'm not sure if and how much it pays in the long run.
>
> I don't think it would hold up in court, as it would be entrapment. So
> what would the sense be in setting up a booby-trap?
>
>
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
> Open Systems Group, ITSD, ISTA
> Province of BC
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message