IDS: RE: RE: Honey pots / decoy servers


Staggs, Michael (Michael_Staggsnai.com)
Thu, 26 Aug 1999 12:05:15 -0700


FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
There can be questions of entrapment raised. The real point of the virtual
network is to create an environment that the cracker wastes time within
while allowing you to track/trace movement. The end result is that no real
data is exposed or corrupted while the cracker is trespassing.

As to entrapment.... a good legal panacea is the "no trespassing" sign. Should you decide to prosecute (why would you anyway if all that was damaged(?) was virtual data?), a simple legal warning of "only fully authorized, private property, blah, blah" displayed as a telnet (etc) banner will cover your hind parts.

Hope this helps.

MJ

> -----Original Message-----
> From: Grant Parkinson [SMTP:grantphome.com]
> Sent: Thursday, August 26, 1999 1:54 AM
> To: roeschclark.net
> Cc: idsuow.edu.au
> Subject: IDS: RE: Honey pots / decoy servers
>
> FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
> IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owneruow.edu.au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
> ---------------------------------------------------------------------------
> ---
> Hi Marty/List,
>
> When implementing a honey-pot, if a cracker detects the presence of a
> deception like toolkit is the attacker not being invited to
> login/crack/exploit this pot-o-honey? Is this not similar to an agent or
> cop in full uniform holding out a bag of crack and saying, "Take it, take
> it - I got this crack for ya, take it." And if you're a crack head - you're
> damn well going to take the goods.
>
> What are the applicable legalities? Could this honey-pot also degrade your
> network wide prosecutorial rights - one honey pot designating the entire
> network fair game?
>
> Oh oh oh, I like this one - Does this not parallel hanging a bag of CraCK
> on a tree in your front yard and then shooting any takers?
>
> Anyhow just some allergy ridden late night babble.......
>
> -GrantP.



This archive was generated by hypermail 2.0b3 on Fri Aug 27 1999 - 00:47:31 CDT