[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    RE: Effectiveness of a Honeypot
From:       Shawn Guins <indeg () blackcodemail ! com>
Date:       2001-08-30 16:10:04
[Download RAW message or body]

> I think you are right about being criminally liable >but that doesn't mean that you \
> couldn't be held >civilly liable for damages. Actually I think you would be very \
> liable. It will be hard to explain in court >that: 1) Yes I did put this system out \
> there knowing >it was susceptible to attack, 2) I was hoping it would be hacked, 3) \
> it was used as an attack vehicle >on company X but hey don't blame me. If I owned \
> company X, I would blame you for damages >done to me based from your  \
> network/honeypot. 
> Scot

I don't think honeypot should be view as something that can get you in trouble or \
anything like that:

I agree, there could be criminal and/or civil liability involved if your honeypot was \
comprised and used maliciously against others.  There's always the possibility of \
being held liable no matter what type (honeypot, web server, etc.) of box you're \
running.  That's part of the game.  But looking specifically at honeypots; what \
functional services, if any, should be run on a honeypot?  In my opinion at most, the \
only functional service you might run is for remote administration like ssh.  If you \
have local access, there shouldn't be any functional services running.  Without \
functional services running, the difficulty in comprising the box multiples x10.  \
There are always exceptions for everything.  I'm not saying that a honeypot can not \
be comprised but I think certain steps can be taken to seriously downgrade or \
possibly eliminate the chance of it being comprised or if comprised, what an attacker \
can actually do with that box.

Shawn 


_____________________________________________________________
Free Hosting & Free email---> http://www.blackcode.com


[prev in list] [next in list] [prev in thread] [next in thread]