One additional twist is that you may be held liable for attacks on other
systems, where your honeypot is used as a launching point. In other words,
before setting up a honeypot, you need to be willing to monitor it closely
enough that it can be shut down before it becomes a danger to other systems.
Personally, I would slap a sticker on the side of the honeypot computer that
reads "For entertainment purposes only." That seems to be a common legal
defense.
Brant
mouss <[EMAIL PROTECTED]> wrote:
> At 11:43 15/03/01 -0500, Jim Kearney wrote:
>
> >I am no lawyer either, the way I see it is crackers have absolutely no
> >business in your network. I can't see how you can call it entrapment when
> >they search for the networks or pc's to crack.
>
> The problem though is that you can
> - - catch innocent people getting there either by error or because some bad
> guy led them there
> - - catch a bad guy coming from for example a corporate network, and if your
> honey pot can cause
> a damage to their network, then you'll be able to attack the guy, but the
> company will attack both
> him and _you_.
>
> in fr (and probably in other places), there's a "similar" law: you don't
> have the right to protect your walls
> with dangerous materials. If you do that and catch a thief, then you're ok.
> but if the thief dies, you're good
> for jail!
>
> What I am meaning is that you should not do anything that makes you in the
> following situation:
> - - a bad guy did you some harm
> - - you punish him (directly or not)
> cos' in this situation, both of you may be pursued for your respective
actions.
>
>
> >It seems to me that it would be analogous to having a wall safe in your
> >house with nothing in it to take the attention away from your stash in
> >your mattress. Either way the intent is the same.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
