-
September 27th, 2004, 03:10 AM
#1
Member
What are honeypots?
Seeing the forum title, it got me thinking... and well, what are honeypots? And, are they any better than firewalls?
Tell me if you think I'm spamming or doing something stupid, please.
-
September 27th, 2004, 03:13 AM
#2
A computer set up to lure an attacker toward it rather than the key systems on a network. I'm sure someone will expand on it but that's what a honeypot is basically.
-
September 27th, 2004, 03:14 AM
#3
Well if you really want I can send you my powerpoint on Honeypots. I just taught that a couple of weeks ago.
Basically, honeypots or honeynets are computers or networks set up to attract activity to them. The reasoning for attracting the activity varies: sometimes it's to encourage attackers to stay away from the "goodies", sometimes it's for an EWS, sometimes it's for research. The reasoning why usually will determine the complexity of the honeypot.
Low interaction honeypots like Back Officer Friendly are more for the detect and EWS concept. They give little to no interaction with the attacker. They also have the lowest risk.
Medium interaction honeypots have some interaction but tend to be limited. Often, they incorporate "jailed" environments where attackers can only do so many things. They have some risk. Sometimes they are used to detect attacks before they happen.
The last one has the highest risk and is the cheapest but most difficult to set up. High interaction is usually when you set up a full system live on the internet. You also get the greatest research value out of it.
The Honey Net Project is a good place to learn. Additionally, Lance Spitzner's Honeypots is a good and straightforward read about the art of Honeypots.
Obviously, one issue that has yet to be resolved is that of "entrapment". I do not think as of yet that Honeypots have been tested in a court of law.
Hope that helps.
msmittens in this thread: http://www.antionline.com/showthread...hreadid=240611
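An added example, not part of the original post and not the code of any tool named in it: a low-interaction honeypot in the detect/EWS sense described above, which sends a decoy banner, records who connected and the first bytes they sent, then hangs up without executing anything. The banner, port, log path and function names are assumptions made for the illustration.

```python
import json
import socket
import time

BANNER = b"220 service ready\r\n"  # constructed decoy banner (assumption)
MAX_CAPTURE = 256                   # cap on bytes kept per connection
TIMEOUT = 5.0                       # seconds to wait on a silent peer


def handle(conn, peer, log):
    """Record one connection attempt, then hang up. Nothing the peer sends is executed."""
    conn.settimeout(TIMEOUT)
    try:
        conn.sendall(BANNER)
        data = conn.recv(MAX_CAPTURE)
    except OSError:                 # timeout or reset: the attempt is still an event
        data = b""
    finally:
        conn.close()
    event = {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        # json.dumps escapes control and non-ASCII characters, so bytes sent
        # by the peer cannot break out of the record and forge extra log lines
        "first_bytes": data.decode("latin-1"),
    }
    log.write(json.dumps(event) + "\n")
    log.flush()
    return event


def serve(port, log_path, bind="0.0.0.0"):
    """Accept loop. No legitimate service lives here, so every connection is an alert."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv, \
            open(log_path, "a") as log:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen(16)
        while True:
            conn, peer = srv.accept()
            handle(conn, peer, log)


if __name__ == "__main__":
    serve(2323, "honeypot.jsonl")   # constructed port and log path
```

Each line of the log is one JSON event, which makes it straightforward to feed into whatever alerting already watches the network.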
-
September 27th, 2004, 03:18 AM
#4
Hint: Google
So they're not "better than firewalls" because they don't serve the same purpose as a firewall.
Check out the Honeynet Project. They have some good info on their site as well as a live Linux CD that serves as a honeypot.
-edit-
Wow, I'm a slow poster
-
October 6th, 2004, 12:40 PM
#5
Banned
If you could post that powerpoint up, I'd quite fancy a read of it?
Cheers
Andy
-
October 6th, 2004, 01:24 PM
#6
"entrapment is where a police officer or other law enforcement officer induces a person to commit a crime that the person wouldn’t have committed otherwise for the purpose of bringing a criminal prosecution against that person"
- http://www.legal-definitions.com/entrapment.htm
(Not the best legal site, but good plain English answers.)
Clearly this wouldn't be an issue with honeypots unless the cop was telling the attacker to break into the system. Merely having an insecure system does not qualify as inducing the attack.
cheers,
catch
-
October 6th, 2004, 02:01 PM
#7
Ya. I did once make the mistake of the entrapment issue. It's not as much of an issue really unless you're working with the police or for the police. Then it'd probably get into grey areas. I also wonder what the SuperDMCA laws would think of a honeypot if it was tested in court.
That said, Lance Spitzner, the King of Honeypot Knowledge IMO, did identify 3 areas of concern for honeypots.
Entrapment: can be an issue for some but for many not.
Liability: this is an obvious one since there is always a risk, particularly if you use a high-interactive, home-built honeypot, that it could be completely owned and then used for attacks elsewhere. The company potentially becomes liable for actions that it was used for.
Privacy: Now this one is one that I think it will take a court case to settle. Spitzner says "either in the files placed on compromised systems by intruders and the interception of communication (usually IRC) relayed through Honeynets." It's an interesting twist (although with the Patriot Act, this may make this all rather moot since there is a lack of privacy specifically for the US but other countries may be different).
edit
I've added my Honeypot Presentation. Keep in mind this is a general presentation, not a HOW TO. How tos are why Google exists! (plus this is taught in a class where students do the research on the HOW TO).
-
October 6th, 2004, 02:11 PM
#8
That privacy thing got me thinking.........
What happens if I put banners all over the place?
"This is a monitored system. Any and all actions will be logged".
This won't stop an attacker but I think it'll hold up in court against any "privacy" issues.
But then again IANAL.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 6th, 2004, 02:14 PM
#9
This won't stop an attacker but I think it'll hold up in court against any "privacy" issues.
Theoretically yes. But AFAIK, honeypots have never been tested in courts. I suspect that most use it for research or EWS rather than for evidence in court proceedings and such.
-
October 7th, 2004, 04:14 AM
#10
Have login banners been tested in court? In theory they have since if I'm not mistaken it's a US Government requirement that all login banners spew out the classic "it is punishable by law to obtain unauthorized access to this system" etc..
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?