Honeypots mailing list archives

Few questions about sp800-31

From: "Kuznetsov A.N." <pm_kan () mail ru>
Date: Mon, 27 Nov 2006 16:27:09 +0300

Hi list,
   recently I have read sp800-31(NIST Special Publication on Intrusion Detection
System) and have some questions about it.

On page 28 they wrote about disadvantages of Honey Pots and Padded Cells
 - The legal implications of using such devices are not well defined
What kind of problems with law can any have when using Honey Pot or Padded Cell?
The best thing I can guess that it can be some problems if IDS redirect legal
user to Padded Cell and he get wrong info.
 - An expert attacker, once diverted into a decoy system, may become angry and
launch a more hostile attack against an organization’s systems.
How such sentences can be in official documents? Thinking in such way we should
disable all security mechanisms in order to not make attacker angry.

Sorry for my English^)
-- 
Best regards,
 Kuznetsov Andrey           pm_kan () mail ru

Current thread:

Few questions about sp800-31 Kuznetsov A.N. (Nov 27)
- Re: Few questions about sp800-31 Valdis . Kletnieks (Nov 27)
- <Possible follow-ups>
- RE: Few questions about sp800-31 Glenn.Everhart (Nov 27)
- Few questions about sp800-31 Kuznetsov A.N. (Nov 29)