Security Incidents mailing list archives

Re: Cracked; rootkit - entrapment question?


From: jlewis () JASONLEWIS NET (Jason Lewis)
Date: Thu, 2 Mar 2000 19:50:34 -0500


Drew Smith wrote:

I'd like to create a honeypot of sorts; a chroot environment that looks
and feels like the machine, and that allows the cracker to do everything
he normally would want to from the shell.  I'd like to log everything to
another machine, and get the police in on it.

<snip>

Why go through all the time and effort to create a honeypot?  Why don't
you concentrate on securing the systems they have and putting up some
kind of firewall?  Are you getting paid to exact revenge for someone
exploiting a lack of security?  Will you leave that machine sitting
forever waiting for the attacker to come back?  Don't you think you will
be doing your client more of a service by wiping the machine, starting
from scratch and making sure it is secure when you leave?

I may be naive, but it seems like calling in the FBI is like trying to
kill a housefly with an elephant gun.  Don't they have enough to do
without worrying about every insecure machine on the Internet that has
been compromised?  I am still waiting to hear who is responsible for the
DoS attacks.  I don't think they will ever find the culprit.  Since when
did the FBI become the Internet police?  I log several attacks a day,
mostly from out of the country.  Do I call the FBI for every attack?

Instead of trying to have the attackers (who are probably under 18)
jailed, why don't we work towards making sure people are aware of the
problem and have tools available to help secure their machines?  It
seems the common answer is to throw everyone in jail, when we should be
concentrating on educating people.

Jason
http://www.jasonlewis.net

