> -----Original Message-----
> From: Michael H. Warfield [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 16 March 2001 7:51
> To: Jose Nazario
> Cc: Michael T. Babcock; Darich Runyan; Jim Kearney;
> [EMAIL PROTECTED]
> Subject: Re: HoneyPots: "legal or nor legal"
[...]
> I assume you mean the "Honeynet Project".
>
> > their selling point is the boxes aren't even weakened. they're just
> > regular boxes.
>
> More to the point, they are OOB (out of the box) boxes. They
> are simply installed. No weakening, no hardening. Just a straight
> install. They also take no effort to advertise the systems or otherwise
> lure anyone to the systems. They are doing nothing to entice anyone,
> they are standing out there just like anyone else would who had done
> a simple install and taken no other efforts.

My problem with honeypots has always been that by giving crackers a leg-up
into the DMZ you create a situation whereby you actually increase the
exposure of the servers you actually care about.

Most honeypot creators waffle on about how the "simulated environment" is
"completely hackproof" and that crackers can't gain full control of the box.
If these are just regular boxes, what's to stop someone rooting it and then
attacking the network? I assume that a NIDS is supposed to start blaring,
but they're hardly infallible (hence the perceived need for honeypots).

But then, I don't know if honeypots are there to catch crackers or increase
network security. If it's the former then I'm not prepared to compromise the
latter - even a little bit.

Cheers,
(Too lazy to do my own research for once - it's early here ;)
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304