From: Vincent Danen (vdanen_at_mandrakesoft.com)
Date: Tue Dec 10 2002 - 23:31:14 CST

    On Tuesday, December 10, 2002, at 07:25 PM, Tom McLaughlin wrote:

    > Hi everyone, I am glad to see the responses that I have gotten back
    > from this list. Let me state the two things that this project would
    > need to get off the ground.
    [...]

    I can provide hosting space for the website and might be able to help
    do some of the HTML, provided you're not looking for anything fancy...
    Quick and dirty I have time for, fancy I don't.

    I can provide a domain for this and DNS services for the honeypot. Ie.
    we can do something like honeypot.linsec.ca for the website and
    hackme.linsec.ca for the honeypot (or whatever).

    I hesitate to put this under the MandrakeSecure umbrella as this isn't
    a Mandrake-sponsored project, but I'd like to help out in whatever
    areas I can (although my initial contributions may end up being small).

    I also understand that doing this sort of project, and doing it well,
    takes some serious planning and definitely observation time. If there
    is interest, I could even set up a mailing list for the observation.
    You mentioned having alerts sent to you, but perhaps the same alerts
    could be sent to a mailing list, possibly with snort dumps, tcpdump
    dumps, daily logs, etc. I'd be more than happy to host that as well.

    If nothing else, it ensures that while the "real" forensic work belongs
    to the owner of the box, when it comes to logs and other information,
    those others interested can lend their eyes and, if nothing else, see
    what happens to the system in "real time".

    This obviously really means dedicating a machine to this solely, and
    segregating it *completely* from your own internal network, as having
    this kind of info sent to a mailing list could potentially be damaging
    if the machine was inside your LAN (without being suitably firewalled
    off from the rest of the LAN), or if it was being used for anything
    other than the intended "hackme" purpose.

    --
    MandrakeSoft Security; http://www.mandrakesecure.net/
    "lynx -source http://linsec.ca/vdanen.asc | gpg --import"
    {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
    
