Date: Sun, 25 Jun 2000 08:56:25 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Narvi <narvi@haldjas.folklore.ee> Cc: Stephan Holtwisch <sh@rookie.org>, freebsd-security@FreeBSD.ORG Subject: Re: jail(8) Honeypots Message-ID: <200006251557.e5PFvLX65947@cwsys.cwsent.com> In-Reply-To: Your message of "Sun, 25 Jun 2000 10:40:51 %2B0200." <Pine.BSF.3.96.1000625103546.2206X-100000@haldjas.folklore.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.96.1000625103546.2206X-100000@haldjas.folklore.ee >, Narv i writes: > > On Sun, 25 Jun 2000, Stephan Holtwisch wrote: > > > Hello, > > > > [snip] > > > I do not know the jail implementation in FreeBSD too well. > > However, to me it seems a very bad idea to run _known_ vulnerable > > software within a jail, since that would mean the jail > > implemenation must not have bugs. You wouldn't run buggy > > software in a chrooted environment either, would you ? > > In addition to this i don't see a real sense to run a 'victim' > > Host as an IDS, where is the purpose of that ? > > It may be fun to watch people trying to mess up your system, > > but most likely you will just catch lots of script kiddies. > > > > The thing is a booby-trap. It is somewhat similar to running a simulated > "buggy" application with the sole puropse of catching the would-be > attackers. > > I'm not sure if and how much it pays in the long run. I don't think it would hold up in court, as it would be entrapment. So what would the sense be in setting up a booby-trap? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006251557.e5PFvLX65947>