I think you should read the honeypot docs. It is NOT a machine that offers full access to it, but a daemon that simulates an unprotected machine. It interacts with the hacker so that he thinks he is getting somewhere when in reality he is doing nothing. It's main purpose is to distract the hacker long enough so that the sys/net admin has a chance to see what the hacker is up to and defend against it and/or block the attacker at the firewall.
Someone correct me if I am wrong. I have only casually read the docs with intentions of one day implementing this - however now maybe I won't until I see where this goes. Shannon ----- Original Message ----- From: "Tim Fournet" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Sunday, April 20, 2003 9:35 PM Subject: Re: [brlug-general] Use a Honeypot, Go to Prison? > Using a honeypot to protect ones network is in my opinion negligent and > irresponsible. Companies have a responsibility to do their best to keep > their systems inaccessible to unauthorized users, and putting a "free" > system on the internet that could potentially allow a cracker to launch > attacks against others is not a good practice. > > Companies absolutely have a right to protect their systems, but not to > the point of breaking the law to do it. I think anyone who willingly > puts a machine on the internet that's configured to allow someone easy > and full access to it--knowing that that person intends to do damage > with it--is guilty of aiding a criminal and should be charged as such. > Enforcing the law is not the duty of citizens and corporations. > > > > On Sat, 2003-04-19 at 22:48, Jeremy J Bertrand wrote: > > > > I just read the article on securityforce.com. posssible loop-hole in using a > > redirect, to redirect hacker traffic from a production system to a honeypot > > the hacker could sue/countersue for misrepresentation and entrapment. That > > goes for both the private company and the government. > > As far as the hackers getting in through other means beside telnet or a > > webpage and how to notify there are numerous messages that you can use to > > notify that the machine is being monitored. > > But your right it is sickening. The fact that using a honeypot to lure hackers > > away from production machines could land you in prison. The fact that the act > > hacking any machine is a felony should but doesn't protect the company from > > litigation. > > ??? I mean a company doesn't have the right to protect what is his and so what > > if he wants to use something that could help capture "wanted criminals", the > > company should be rewarded for doing a good deed, but instead they get > > litigation. Come on what kind of society have we created for ourselves ???? > > > > > > Jeremy Bertrand > > email: [EMAIL PROTECTED] > > > > > > ---------- Original Message ----------- > > From: Nashid Hasan <[EMAIL PROTECTED]> > > To: [email protected] > > Sent: Fri, 18 Apr 2003 11:10:07 -0500 > > Subject: [brlug-general] Use a Honeypot, Go to Prison? > > > > > These legal games are sickening....... > > > > > > "Using a honeypot to detect and surveil computer intruders might put > > > you on the working end of federal wiretapping beef, or even get you > > > sued by the next hacker that sticks his nose in the trap, a Justice > > > Department attorney warned Wednesday." > > > > > > http://securityfocus.com/news/4004 > > ------- End of Original Message ------- > > > > > > _______________________________________________ > > General mailing list > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlug.net > > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net >
