Honeypots mailing list archives

Re: Introducing the Tactical Honeynet Deployment Project


From: "Tom Britten" <tomb () antenseven net>
Date: Tue, 2 Sep 2003 02:12:28 -0400

If the box is bogus but you can't tell till you get in, you will still
catch #1. If you are going for #2, you are right. The box has to look
legit. As for #3, you typically need to have them playing on the box for
a while to figure this one out. To be honest, I think the great work
done by Lance and others has done a wonderful job of already answering
that one.

    I agree with all of that, my concern and comment about building your own
system from the ground up was not solely based upon the idea that you needed
it to look real after they have already broken in.  It was also from a concern
of control standpoint (sorry, I don't think I made it entirely clear the
first time).  An improperly configured honeypot/honeynet is a risk if not
controlled, more so with new laws and the concept of legal liability coming
into play.
    So I guess my original comment about building from the ground up was to
address a plethora of problems that are encountered in deploying,
controlling and monitoring honeypots/honeynets.  Hope that makes more sense
^_^


Tom Britten
Sr. Systems Engineer

