Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > IDS-list> 1999-q4

IDS Archives: Re: IDS: RE: Honey pots / decoy servers

Re: IDS: RE: Honey pots / decoy servers

JohnNicholsonaol.com
Thu, 26 Aug 1999 09:36:48 EDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Lance Spitzner: "Re: IDS: Honey pots / decoy servers"
Previous message: Martin Roesch: "Re: IDS: RE: Honey pots / decoy servers"

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

--- In a message dated 8/26/1999 9:24:14 AM Eastern Daylight Time, grantp

home.com writes:

> Is this not similar to a agent or cop > in full uniform holding out a bag of crack and saying, "Take it, take it - I > got this crack for ya, take it." And if your a crack head - your damn well > going to take the goods.

Well, we'll presume for the moment that crackers and script kiddies aren't truly addicts (big assumption on my part, I know). In general, even the crack head would find something suspicious about this scenario.

> > What are the applicable legalities? Could this honey-pot also degrade your > network wide prosecutorial rights - one honey pot designating the entire > network fair game? >

I don't think that one honey pot would compromise your prosecutorial rights for the rest of your network. For one thing, I would assume that you'd put all the same warnings and "no trespassing" signs on the honey pot as you have on the rest of your network, thus making it just as illegal for the cracker to be in the honey pot as anywhere else. This just happens to be the most likely break-in path, so you're watching it more carefully - kinda like having motion detectors only on the ground floor of your house.

> Oh oh oh, I like this one - Does this not parallel hanging a bag of CraCK on > a tree in your front yard and then shooting any takers?

Not quite. I think the allergy meds were getting to you at this point. ;-)

a) Possession of crack is illegal. Possession of a honey pot is not. b) It's illegal to shoot trespassers, and the cyber equivalent would be frying the intruder's computer, which is a neat trick (which, if you know how to do, please, please, please tell me. I promise to only use it on a short list of very deserving individuals. ;-) ).

The honeypot is more the equivalent of leaving costume jewelry in the jewelry store window when you close the store, and putting cameras on the window to watch who breaks in and takes the valueless stuff.

John

Next message: Lance Spitzner: "Re: IDS: Honey pots / decoy servers"
Previous message: Martin Roesch: "Re: IDS: RE: Honey pots / decoy servers"

This archive was generated by hypermail 2.0b3 on Thu Aug 26 1999 - 20:44:14 CDT