Honeypots mailing list archives
Re: Honeypot within ISP Policies?
From: Barrett Weisshaar <bweissha () andrew cmu edu>
Date: Mon, 10 Apr 2006 10:52:36 -0700
These are indeed very good guidelines. I'd highly recommend obtaining permission from your ISP if possible. However, depending on your ISP this might be pretty tricky. For example, I ran a brief Comcast honeynet to examine common threats to home broadband a while back. I admit that within the timeframe and the scope of the project, I didn't bother to secure permission - I wasn't going to allow any attack to persist for long once the box was compromised, and I figured that it was far more controlled of an experiment than most clueless home users (at least I was watching!). If you're up to something more expansive (colocation, etc) I'd definitely check. I help tend to a few colo boxes and if you don't resolve/work with them if they detect a compromise of your box, they WILL pull the plug on your system until you do. This is of course on top of the legal issues that Mr. Kletnieks mentioned as well. Good luck! -Barrett Valdis.Kletnieks () vt edu wrote:
On Mon, 10 Apr 2006 12:17:15 +0200, Patrick Debois said:-Suppose attackers will use my honeypot to go outside, can I be held responsible for this?You're certainly at greater legal risk if you were intentionally running a honeypot rather than some clueless Windows user who got 0wned.-Do I need to have special agreements for this of my ISP?First rule of pen-testing and vulnerability scanning: Always get an in-writing "get out of jail free" card up front. This almost certainly applies to running a honeypot - first off, it will help with the ISP. Secondly, it will help your defense when you try to say "it wasn't me hacking the Pentagon, it was somebody in the honeypot.." ;)
Current thread:
- Honeypot within ISP Policies? Patrick Debois (Apr 10)
- Re: Honeypot within ISP Policies? Valdis . Kletnieks (Apr 10)
- Re: Honeypot within ISP Policies? Barrett Weisshaar (Apr 10)
- Re: Honeypot within ISP Policies? Valdis . Kletnieks (Apr 10)