Re: IDS: RE: Honey pots / decoy servers

John Evdemon (John_Evdemonfreddiemac.com)
Thu, 26 Aug 1999 16:41:54 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Grant Parkinson: "RE: IDS: RE: Honey pots / decoy servers"
• Previous message: Larry Chin: "IDS: Re: [NTSEC] Default trojan ports"
• Next in thread: The Roesch's: "Re: IDS: RE: Honey pots / decoy servers"
• Reply: The Roesch's: "Re: IDS: RE: Honey pots / decoy servers"

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
Isn't there a potential danger to using honey-pots?
For example, what if the cracker realizes s/he is "in" a honey-pot and starts
causing some real damage as a retailiation??
"Grant Parkinson" <grantphome.com> on 08/26/99 04:54:07 AM
                                                                                
                                                                                
                                                                                
                                                              
                                                              
                                                              
 To:      roeschclark.net                                    
                                                              
 cc:      idsuow.edu.au(bcc: John Evdemon/CONSULT/HQ/FHLMC)  
                                                              
                                                              
                                                              
 Subject: IDS: RE: Honey pots / decoy servers                 
                                                              
FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------
---
Hi Marty/List,
When implementing a honey-pot, if an cracker detects the presence of a
deception like toolkit is the attacker not being invited to
login/crack/exploit this pot-o-honey?  Is this not similar to a agent or cop
in full uniform holding out a bag of crack and saying, "Take it, take it - I
got this crack for ya, take it."  And if your a crack head - your damn well
going to take the goods.
What are the applicable legalities?  Could this honey-pot also degrade your
network wide prosecutorial rights - one honey pot designating the entire
network fair game?
Oh oh oh, I like this one - Does this not parallel hanging a bag of CraCK on
a tree in your front yard and then shooting any takers?
Anyhow just some allergy ridden late night babble.......
-GrantP.






Next message: Grant Parkinson: "RE: IDS: RE: Honey pots / decoy servers"
Previous message: Larry Chin: "IDS: Re: [NTSEC] Default trojan ports"

Next in thread: The Roesch's: "Re: IDS: RE: Honey pots / decoy servers"
Reply: The Roesch's: "Re: IDS: RE: Honey pots / decoy servers"







This archive was generated by hypermail 2.0b3 
on Fri Aug 27 1999 - 04:22:08 CDT