Security Basics mailing list archives

Re: Intro To Hacking

From: Miles Stevenson <miles () mstevenson org>
Date: Mon, 18 Oct 2004 16:04:02 -0400

On Monday 18 October 2004 03:45 pm, Jonathan Loh wrote:

With that said.  How did you build your first honeypot then?  Were you not
a beginner?  There are different types of beginners here.  One that has
training and one that does not.  Think about it how does anyone build
anything?  If everyone took your approach we'd be back in the stone ages! 
Everyone has to start somewhere.


Please take my response to this in the good spirit in which it is intended: to 
correct the errors you made in your criticisms. This is not a flame, which 
would be inappropriate (and I think the moderator would agree).

This is irrational. I think you are coming to this conclusion because you are 
defining "advanced" security professionals (as I called them in my post), as 
those who already know a great deal about honeypots and have experience using 
them.

I use the term advanced in the context applied to the general area of security 
which is exactly the way I said it: "advanced security researchers" (applied 
to the general area of security). In other words, people new to information 
security should NOT be operating honeypots. First, they should be working on 
other necessary skills such as firewalls, intrusion detection, system 
hardening, etc, etc. 

Those who have those necessary skills and experience in practicing them, are 
much better prepared to deal with the delicate process of observing attackers 
while preventing them from attacking others. 

So back to your question:
"How did you build your first honeypot then?"
I first did a lot of research on the subject and attended a SANS lecture by 
Lance Spitzner of the Honeynet project. I then applied my previous 4 years of 
professional security experience and combined that with the research that I 
did on honeypots BEFORE attempting to operate one.

As far as my response to your other comment:
"If everyone took your approach, we'd be back in the stone ages!"

This also demonstrates a lack of rational thought. Man first had to learn to 
create fire before he could build electric generators. This is the same 
concept in all fields of knowledge: you must learn the fundamental concepts 
before you learn the advanced ones which rely on those fundamentals. 

Any further questions I can help you with?
-- 
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63

Attachment: _bin
Description:

Current thread:

Intro To Hacking Jason Dusek (Oct 15)
- Re: Intro To Hacking Miles Stevenson (Oct 18)
  - Re: Intro To Hacking Jonathan Loh (Oct 19)
    - Re: Intro To Hacking Miles Stevenson (Oct 19)
- Re: Intro To Hacking VHP3 (Oct 18)
  - Re: Intro To Hacking Greg Tracy (Oct 18)
    - Re: Intro To Hacking Barrie Dempster (Oct 19)
  - Re: Intro To Hacking Micheal Espinola Jr (Oct 18)
- Re: Intro To Hacking Jon Lawhead (Oct 18)
  - Re: Intro To Hacking xyberpix (Oct 20)
- Re: Intro To Hacking Andrew Smith (Oct 18)
  - Re: Intro To Hacking Jason Dusek (Oct 18)
    - Re: Intro To Hacking Andrew Smith (Oct 18)
    - Re[2]: Intro To Hacking Jeffrey S. Sims (Oct 20)

(Thread continues...)