Security Incidents mailing list archives
Re: Cracked; rootkit - entrapment question?
From: jlewis () JASONLEWIS NET (Jason Lewis)
Date: Thu, 2 Mar 2000 19:50:34 -0500
Drew Smith wrote:
I'd like to create a honeypot of sorts; a chroot environment that looks and feels like the machine, and that allows the cracker to do everything he normally would want to from the shell. I'd like to log everything to another machine, and get the police in on it.
<snip>

Why go through all the time and effort to create a honeypot? Why don't you concentrate on securing the systems they have and putting up some kind of firewall? Are you getting paid to exact revenge for someone exploiting a lack of security? Will you leave that machine sitting forever waiting for the attacker to come back? Don't you think you will be doing your client more of a service by wiping the machine, starting from scratch and making sure it is secure when you leave?

I may be naive, but it seems like calling in the FBI is like trying to kill a housefly with an elephant gun. Don't they have enough to do without worrying about every insecure machine on the Internet that has been compromised? I am still waiting to hear who is responsible for the DoS attacks. I don't think they will ever find the culprit. Since when did the FBI become the Internet police? I log several attacks a day, mostly from out of the country. Do I call the FBI for every attack?

Instead of trying to have the attackers (who are probably under 18) jailed, why don't we work towards making sure people are aware of the problem and have tools available to help secure their machines? It seems the common answer is to throw everyone in jail, when we should be concentrating on educating people.

Jason
http://www.jasonlewis.net