IDS Archives: RE: IDS: RE: Honey pots / decoy servers

RE: IDS: RE: Honey pots / decoy servers


Grant Parkinson (grantphome.com)
Thu, 26 Aug 1999 16:53:08 -0700


IDS,

>Hi Grant. You're proceeding from a false assumption here. Honeypots don't advertise themselves, they merely sit there and wait for someone to stumble across themselves. Just because there's an attackable service on your network (even a real one) doesn't mean that your network is fair game. The intent has to be there on the part of the attacker before the attack can happen, and that is the important thing to remember when setting up a honeypot.

What constitutes advertisement? Is word-of-mouth to be included? And what if the trap is discovered indirectly?

>>Optimally, you don't want the attacker to know that there are any defenses in place on your network until the FBI is kicking in their front door.

True, the FBI can make an arrest - but can the victim file charges and have them hold up? If a machine is engineered to trap a hacker/cracker, and it does, can the company claim a loss?

>Here's an analogy that I like: You keep a jewelry box full of cubic zirconia on the dresser in your bedroom and the real diamonds are in a wall safe in the basement. Is it legal for someone to enter your house and take everything you have just because you left out the zirconia?

I follow your analogy, but you didn't leave out the zirconia hoping someone would take it. When is the attacker in your bedroom - when is the attacker on your front porch - when is the attacker in his yard with a clear view of your bedroom/basement? Does the attacker break a law when looking at your zirconia or must he take the goods? Is the attacker at fault when she views private information or is it the host's responsibility to close the mini blinds?

I don't even expect a reply to this last bit - I'm fascinated with the application of our three-dimensional laws/regulations to the operations of computers. Too bad we didn't have the chance to see a Mitnick Trial, surely would have been interesting to see what tricks the defense might try.

>If it is done properly, a "facade service" should look so much like the real thing that it is indistinguishable from the real thing. If the attacker intends to attack the real thing and thinks he is attacking the real thing, we can treat him as if he attacked the real thing.

Can a distinction be made if the attacker identifies or claims to have identified this host as a honey-pot?

-finally- Can anyone recommend allergy meds that don't induce nightmares about crack and crack-addicted hackers?

Thanks for your time, GrantP.



This archive was generated by hypermail 2.0b3 on Fri Aug 27 1999 - 07:27:34 CDT