Date: Sat, 24 Jun 2000 12:55:40 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: freebsd-security@freebsd.org
Subject: jail(8) Honeypots
Message-ID: <20000624125540.A256@dialin-client.earthlink.net>

I searched the mail archive and read the jail(8) manpage and was surprised not to see any discussion of using jail for a honeypot, an IDS. If I understand things correctly, one of the primary motivations for the jail command is to isolate potentially exploitable daemons and other programs so any damage done by an attacker is minimized. It seems to me that it is such a logical extension to run a _known_ exploitable process in a jail then watch for and document attacks from outside that some people out there must be doing it.

So, is anyone out there doing this? Have any hints, gotchas, or really cool ideas to share about setting a system like this up? It seems that there are lots of possibilities. One good box could look like multiple machines running the same or different exploitable programs to an attacker.

If no one out there is, I am going to give it a shot anyway. I'd still appreciate any ideas.

--
Crist J. Clark cjclark@alum.mit.edu