Honeypots mailing list archives

Re: tunable honeynets and entrapment


From: Joachim Schipper <j.schipper () math uu nl>
Date: Fri, 8 Apr 2005 23:17:09 +0200

On Sun, May 08, 2005 at 12:08:26PM -0400, Randy wrote:
> Has anyone worked with tunable honeynets or written about them?
>
> I am working on a variant honeynet that actually catches the bad guys, not
> necessarily prosecutes them.
> Specifically I'm working on how to lure someone into a honeynet once he's
> gotten into your network...and looking for a term to call it..since it is
> way beyond high interactive...
>
> A valid entrapment defense has two related elements: (1) government
> inducement of the crime, and (2) the defendant's lack of predisposition to
> engage in the criminal conduct
>
> One way I'm looking at getting them into my honeynet is to use previously
> compromised boxes or images of boxes, backups of all my primary servers,...
> other thoughts?
> Also looking at how to get someone to want to break into a fully patched
> honeynet, but that's next week
> Randy

Dear Randy,

I'm sorry, but I fail to understand what you are trying to do here.
You say you are trying to 'catch' an attacker, but what does this mean?
And what with the 'no prosecution' and legalese combined?

From what I understand from 'lur[ing] someone into a honeynet once he's
gotten into your network', you intend to make the prize seem a little
sweeter - but that's hardly revolutionary.

Are we talking active defence here? Active 'honeying'?

I am not quite the expert, so maybe I'm just being silly, but I'd
appreciate it if you would take the time to elaborate and explain a
little more...

                Joachim

