Penetration Testing mailing list archives
Re: [PEN-TEST] Recourse Technologies -- info wanted
From: Erik Tayler <erik () digitaloffense net>
Date: Tue, 3 Oct 2000 16:02:49 -0500
I believe that most of your thoughts are correct, but in my experience, I have found that placing a honeypot within enterprise situations was quite useful. The reason it was so useful, in my opinion, was that this honeypot was designed to lead people to believe that they have already accomplished their goal. What I mean is that I placed a bunch of important looking information on the server, made it look like they hit the jackpot, etc. Because this was in a DMZ that had absolutely no access to anything else [firewall ACLs were tight, restricting all access to and from the honeypot]. Basically the honeypot wasn't connected to anything else, at all, therefore the attacker encountered a dead end. In such a case, only someone experienced would be able to gain a better view of the situation, and even realize that there was more out there.

However, I do agree that [in some cases], placing a honeypot in an enterprise network is senseless. Many do not know how to create a honeypot, and do not know what precisely it is supposed to be used for, and might just be opening an even larger hole. Just my 2 cents.

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net

I have some qualms about putting a "target" on my network. I understand that they may facilitate tracking an attacker, but honestly, why not invest your money into building a secure architecture in the first place? A fake "insecure" host or network may lead an attacker to find a vulnerable real host there. I understand a honeypot's use in an academic or research environment, but as an enterprise appliance, it seems like a pretty poor idea. I agree with Mark on building traps on existing insecure operating systems, but I'd take it one further, an unknown, proprietary operating system isn't better. Just because no vulnerabilities have been found doesn't mean that no vulnerabilities exist, and even honeypot designers can make mistakes.