Educause Security Discussion mailing list archives
Re: Honeypots - All dried up by Super-DMCA
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Mon, 5 May 2003 08:26:45 -0500
Seems it wouldn't be a problem at all, if you didn't use the information to seek out and prosecute. If we had one, and I'm not saying we do and I'm not saying we don't :-) it would be populated with devices representative of what is on campus, and we would use the information gathered to improve security of devices on campuses, or develop better detection tools. M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Schmidt, Eric W Sent: Friday, May 02, 2003 2:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Honeypots - All dried up by Super-DMCA The only thing I can think of would be to draw on my experience as a former federal law enforcement agent that says you never want to be the one that makes bad case law. Since honeypots really haven't been tested in court, that would be one of my concerns. Eric W. Schmidt, CISSP, CISM, DABFE Information Security Officer Indiana University School of Medicine office: 317-278-8751 email: erschmid () iupui edu -----Original Message----- From: David L. Wasley [mailto:david.wasley () UCOP EDU] Sent: Friday, May 02, 2003 11:51 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Honeypots - All dried up by Super-DMCA I'm not a lawyer :-) but the way I read Tim Liston's article, I think it's not clear that the law prohibits distribution or use of LaBrea (although it might provoke legal action and that is really the issue for Tim). What Tim quotes says honeypots would be illegal "without the express consent or express authorization of the communication service provider". If the campus (the communications service provider) specifically approved the use of a honeypot on its network, then it should not be a problem. As for "to conceal or to assist another to conceal from any communication service provider or from any lawful authority the existence or place of origin or destination of any communication" - simply make sure the logs are available to the campus network NOC. What am I missing? David ----- At 10:53 PM -0400 on 5/1/03, Pete Hoffswell wrote:
honeypots are very very cool. I would be weary implementing them at
this time, however.
Unfortunately, because of the DMCA laws, they may be illegal. Reference - Tom Liston, maker of Labrea, has stopped distributing his great
software due to Illinois Super-DMCA laws:
http://www.hackbusters.net/ Slashdot, etc, reports that new Michigan laws has made the development
of honeyd illegal:
http://slashdot.org/articles/03/04/15/1454218.shtml?tid=153 If anyone gets council clearing them to use labrea or honeyd, I would
be very interested.
- Petemorrow.long () YALE EDU 05/01/03 21:25 PM >>>Lance Spitzner article on how 'honeypots' can be effective tools in the information security kit for protecting production nets (as opposed to just research experiments for collecting data): http://www.securityfocus.com/infocus/1690 Morrow ********** Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Re: Honeypots - All dried up by Super-DMCA Pete Hoffswell (May 01)
- <Possible follow-ups>
- Re: Honeypots - All dried up by Super-DMCA H. Morrow Long (May 02)
- Re: Honeypots - All dried up by Super-DMCA David L. Wasley (May 02)
- Re: Honeypots - All dried up by Super-DMCA Schmidt, Eric W (May 02)
- Re: Honeypots - All dried up by Super-DMCA Bruhn, Mark S. (May 05)
- Re: Honeypots - All dried up by Super-DMCA Bruhn, Mark S. (May 05)