Honeypots mailing list archives

Re: Requiring help for implementation testing.


From: Valdis.Kletnieks () vt edu
Date: Mon, 31 Jan 2005 21:15:39 -0500

On Mon, 31 Jan 2005 15:00:56 -0400, José Vicente Tomé Vecchione said:

> As many of you have a lot of knowledge on this we were wondering if any
> of you may help us by attacking this honeypot and sharing any
> experience and comments about the attacks and the functionality of our
> honeypot.

Guaranteed that there are people on this list that could make your honeypot
into a smoking pile of rubble in a few dozen packets.  The problem is that there's
no good way for us to know we're not about to make an actual production system
into a smoking pile of rubble.....

I can be fairly sure that if mail from (say) Dave Dittrich or Lance Spitzner
shows up saying "Have at it..", that it's really their box and permission is
granted (after I ping them at their usual e-mail address to make sure it's not
a spoofed mail of course).  Of course, that's due in large part to the fact
that they're Dave and Lance.  

In general, this is a hard-to-solve problem.  There are various cryptographic
schemes (S/MIME and PGP being the leaders) that can be used to prove that I'm
actually me and not an impostor.  There's at the current time no really
good way for me to prove that I actually have the authority to offer a system
for attack.  (In fact, a bit of thinking about "checks and balances" would show
why it's a *bad* idea for me to have the authority to say anything resembling
"official policy" or anything involving access control.. ;)
