Re: New deployment concept - honeypot farms

[Fabian Bieker <fabian.bieker () web de>]

On Mon, Aug 18 2003, Lance Spitzner wrote:
>   Honeypots Farms
>   http://www.securityfocus.com/infocus/1720

Great Paper! I hope we can use this concept for our local (Germany,
Kassel) honeypot project. We alreay use OpenVPN to get some static
IP-Addresses, from a small ISP, rerouted to our honeynet. Maybe we
should publish a paper about this in English?

I think honeypot farms are of great value not only for really large
sites. I talked to a lot System Administrators who what to deploy
honeypots, but they are to busy, don't want to read all the papers...

Imho there is a great amout of attacks, wich just get droped by
Packetfilters and IPSes. That is a pitty, since the attacker could also
be redirected to a honeynet. What do you think?

Our project is just starting. Currently all of our people are quite
busy. I would like to offer such a 'redirecting blackbox' to the public.
Since the admins are happy, since the attackers are redirected to a
honeynet. The honeypot guys (us) are happy, since we get more Data to
analyse. Imho the main problem with this concept is, that you have to
trust the admins not to tell the wrong people the adresses of your
honeypots.

Currently I ain't got any time left, to work on such a blackbox concept
:-( . But i want to discuss the idea.

sorry for my lame english,

        fabian
-- 
https://kassel.ccc.de/honey/
BOFH excuse #290:
The CPU has shifted, and become decentralized.