> -----Original Message-----
> From: Michael H. Warfield [mailto:[EMAIL PROTECTED]]
[...]
(me)
> > My problem with honeypots has always been that by giving
> crackers a leg-up
> > into the DMZ you create a situation whereby you actually
> increase the
> > exposure of the servers you actually care about.
>
> We're talking about two different things here (three,
> if you count
> canaries which really haven't been discussed).
When I first read this I thought the canary reference was a non-sequitur and
therefore a cutting piece of sarcasm. 8)
[...]
> The "Honeynet" and others like it are not intended to increase
> the security of a network or to catch crackers. The honeynet is not
> designed to be secure in the first place. It's also not
> designed to be
> insecure in the first place either. It's there to STUDY. It's there
> to study how secure systems are out of the box. It's there to study
> crackers, their behavior, and their characteristics. It's there to
> study how these systems are being broken into.
*sigh* Yes. I suddenly connected Honeynet with Lance Spitzner and remembered
what it was all about. I shouldn't post before drinking coffee. My bad. ;)
[...]
> I normally add one other distinction in the mix, that
> of a canary
> system.[...details snipped...]
Nice idea - especially about the dummy syslog server. I'll have to remember
that one.
[...]
> Mike
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
