You are partially correct. Most production honeypots [should] consist of the OS and honeypot software that can simulate a range of OS versions, software, and vulnerabilities. Research honeypots though often consist of the real software so that new vulnerabilities can be found and examined in more detail. I think we have two books on honeypots floating around the LUG library by the way.
At 12:30 AM 4/21/2003 -0500, you wrote: >I think you should read the honeypot docs. It is NOT a machine that offers >full access to it, but a daemon that simulates an unprotected machine. It >interacts with the hacker so that he thinks he is getting somewhere when in >reality he is doing nothing. It's main purpose is to distract the hacker >long enough so that the sys/net admin has a chance to see what the hacker is >up to and defend against it and/or block the attacker at the firewall. > >Someone correct me if I am wrong. I have only casually read the docs with >intentions of one day implementing this - however now maybe I won't until I >see where this goes. > >Shannon >----- Original Message ----- >From: "Tim Fournet" <[EMAIL PROTECTED]> >To: <[email protected]> >Sent: Sunday, April 20, 2003 9:35 PM >Subject: Re: [brlug-general] Use a Honeypot, Go to Prison? > > > > Using a honeypot to protect ones network is in my opinion negligent and > > irresponsible. Companies have a responsibility to do their best to keep > > their systems inaccessible to unauthorized users, and putting a "free" > > system on the internet that could potentially allow a cracker to launch > > attacks against others is not a good practice. > > > > Companies absolutely have a right to protect their systems, but not to > > the point of breaking the law to do it. I think anyone who willingly > > puts a machine on the internet that's configured to allow someone easy > > and full access to it--knowing that that person intends to do damage > > with it--is guilty of aiding a criminal and should be charged as such. > > Enforcing the law is not the duty of citizens and corporations. > > > > > > > > On Sat, 2003-04-19 at 22:48, Jeremy J Bertrand wrote: > > > > > > I just read the article on securityforce.com. posssible loop-hole in >using a > > > redirect, to redirect hacker traffic from a production system to a >honeypot > > > the hacker could sue/countersue for misrepresentation and entrapment. >That > > > goes for both the private company and the government. > > > As far as the hackers getting in through other means beside telnet or a > > > webpage and how to notify there are numerous messages that you can use >to > > > notify that the machine is being monitored. > > > But your right it is sickening. The fact that using a honeypot to lure >hackers > > > away from production machines could land you in prison. The fact that >the act > > > hacking any machine is a felony should but doesn't protect the company >from > > > litigation. > > > ??? I mean a company doesn't have the right to protect what is his and >so what > > > if he wants to use something that could help capture "wanted criminals", >the > > > company should be rewarded for doing a good deed, but instead they get > > > litigation. Come on what kind of society have we created for ourselves >???? > > > > > > > > > Jeremy Bertrand > > > email: [EMAIL PROTECTED] > > > > > > > > > ---------- Original Message ----------- > > > From: Nashid Hasan <[EMAIL PROTECTED]> > > > To: [email protected] > > > Sent: Fri, 18 Apr 2003 11:10:07 -0500 > > > Subject: [brlug-general] Use a Honeypot, Go to Prison? > > > > > > > These legal games are sickening....... > > > > > > > > "Using a honeypot to detect and surveil computer intruders might put > > > > you on the working end of federal wiretapping beef, or even get you > > > > sued by the next hacker that sticks his nose in the trap, a Justice > > > > Department attorney warned Wednesday." > > > > > > > > http://securityfocus.com/news/4004 > > > ------- End of Original Message ------- > > > > > > > > > _______________________________________________ > > > General mailing list > > > [email protected] > > > http://brlug.net/mailman/listinfo/general_brlug.net > > > > > > > > _______________________________________________ > > General mailing list > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlug.net > > > > >_______________________________________________ >General mailing list >[email protected] >http://brlug.net/mailman/listinfo/general_brlug.net --- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology Windows, UNIX, and IT Consulting http://www.puryear-it.com
