Honeypots mailing list archives
Re: logging facility
From: "KeyFocus" <support () keyfocus net>
Date: Fri, 29 Aug 2003 09:09:25 +0100
From: "JWT Judd" <jwtjudd () att net>
So, the honey pot has the decryption key? Does it get this by being a replicant of the system initiating the secure session?
I had in mind a simple example of an SSL enabled web server running on a Honeypot server. What is needed is a unique server side certificate. This can be one signed by yourself or one bought for the purpose.
From: <urbn () visi com> What if someone compromised your honeypot, and then monitored any SSL
traffic
that was decrypted?
In this case they would only be able to monitor traffic going to the honeypot, which has no production value.
Common sense would tell me to keep these logs (the decrypted SSL traffic) on a separate system,
That is a good idea. To be totaly secure the decrypted traffic should be sent and logged to a secure server, this should be encrypted using the public key of the secure logging server.
but then why even have your honeypot decrypt it first. Better off just sending the encrypted packets
to the
system that will be logging it anyways. Or am I missing something here?
If you do that then it will be impossible to decrypt the packets on the secure server. - Tom www.keyfocus.net
Current thread:
- Re: logging facility, (continued)
- Re: logging facility George Washington Dunlap III (Aug 27)
- Re: logging facility Floydman (Aug 27)
- Re: logging facility Motayyam79 (Aug 27)
- Re: logging facility Richard Stevens (Aug 28)
- Re: logging facility KeyFocus (Aug 28)
- Re: logging facility Floydman (Aug 28)
- Re: logging facility Floydman (Aug 28)
- Re: logging facility Motayyam79 (Aug 28)
- Re: logging facility KeyFocus (Aug 28)
- Re: logging facility urbn (Aug 29)
- Re: logging facility KeyFocus (Aug 29)
- Re: logging facility KeyFocus (Aug 28)
- Re: logging facility Valdis . Kletnieks (Aug 28)
- Re: logging facility Edward Balas (Aug 29)
- Re: logging facility Peter Bates (Aug 28)
- Re: logging facility Ryan Barnett (Aug 29)