Re: Honeypot within ISP Policies?

[Valdis.Kletnieks () vt edu]

On Mon, 10 Apr 2006 12:17:15 +0200, Patrick Debois said:

> -Suppose attackers will use my honeypot to go outside, can I be held 
> responsible for this?

You're certainly at greater legal risk if you were intentionally running
a honeypot rather than some clueless Windows user who got 0wned.

> -Do I need to have special agreements for this of my ISP?

First rule of pen-testing and vulnerability scanning:  Always get an in-writing
"get out of jail free" card up front.  This almost certainly applies to
running a honeypot - first off, it will help with the ISP.  Secondly, it will
help your defense when you try to say "it wasn't me hacking the Pentagon, it
was somebody in the honeypot.." ;)

Attachment: _bin
Description: