Honeypots mailing list archives
RE: Heisenberg in the honeypot
From: Harlan Carvey <keydet89 () yahoo com>
Date: Tue, 22 Jun 2004 07:53:23 -0700 (PDT)
Chuck,
Are you assuming that this person has inside information that there is definately no honeypots being used in the network?
Yes and no. My assumption is that someone with the knowledge level to truly discover a completely new vulnerability and develop an exploit for it, and has the desire to use it for malicious purposes w/o being discovered, will also have the knowledge and ability to determine that there are no honeypots on the target network, or at least be relatively sure that the probability of having honeypots is extremely low.
If so then obviously they are going to use that as their test lab.
Not necessarily. You're making a couple of assumptions that I'm not subscribing to.
Without the inside info, how can the person be totally sure without a doubt that there is no honeypot there?
There are ways to find this, and also ways to find out if honeypots do exist, but they're not being managed. Usenet searches (employed by pen-testers), talking to disgruntled employees and frustrated admins, etc.
Current thread:
- Re: Heisenberg in the honeypot, (continued)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)
- Minefields Lance Spitzner (Jun 22)
- Re: Minefields MrDemeanour (Jun 23)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 21)
- RE: Heisenberg in the honeypot Chuck Fullerton (Jun 21)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot James Riden (Jun 22)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- RE: Heisenberg in the honeypot Chuck Fullerton (Jun 22)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)