Honeypots mailing list archives
Re: tunable honeynets and entrapment
From: Joachim Schipper <j.schipper () math uu nl>
Date: Fri, 8 Apr 2005 23:17:09 +0200
On Sun, May 08, 2005 at 12:08:26PM -0400, Randy wrote:
> Has anyone worked with tunable honeynets or written about them? I am working on a variant honeynet that actually catches the bad guys, not necessarily prosecutes them. Specifically I'm working on how to lure someone into a honeynet once he's gotten into your network...and looking for a term to call it..since it is way beyond high interactive...
>
> A valid entrapment defense has two related elements: (1) government inducement of the crime, and (2) the defendant's lack of predisposition to engage in the criminal conduct.
>
> One way I'm looking at getting them into my honeynet is to use previously compromised boxes or images of boxes, backups of all my primary servers,... other thoughts?
>
> Also looking at how to get someone to want to break into a fully patched honeynet, but that's next week.
>
> Randy
Dear Randy,

I'm sorry, but I fail to understand what you are trying to do here. You say you are trying to 'catch' an attacker, but what does this mean? And what with the 'no prosecution' and legalese combined?

From what I understand from 'lur[ing] someone into a honeynet once he's gotten into your network', you intend to make the prize seem a little sweeter - but that's hardly revolutionary. Are we talking active defence here? Active 'honeying'?

I am not quite the expert, so maybe I'm just being silly, but I'd appreciate it if you would take the time to elaborate and explain a little more...

Joachim