Security Incidents mailing list archives
Re: Cracked; rootkit - entrapment question?
From: cdp () PEAKPEAK COM (Chuck Phillips)
Date: Sat, 4 Mar 2000 03:43:32 -0700
Jason Lewis writes:
> Why go through all the time and effort to create a honeypot? Why don't you concentrate on securing the systems they have and putting up some kind of firewall? Are you getting paid to exact revenge for someone exploiting a lack of security?

I can't speak for the original poster, but there are other reasons for constructing a honeypot.

1. Understanding what kinds of attacks are being launched in general by direct observation. This can provide a great education.
2. Knowing what kinds of attacks, how often, etc., are being attempted on your own network specifically. This can be a great adjunct to your IDS.
3. Diverting attention away from more important machines in the short term. In the long term, this can backfire. After all, where there's one interesting machine, there may be others. Still, by observing the cracker, it may help in identifying the best steps to take in protecting the rest of your hosts -- *before* they are attacked.

> I may be naive, but it seems like calling in the FBI is like trying to kill a housefly with an Elephant gun.

If no serious harm is done, and I do consider DoS as one form of harm, then calling the authorities is probably a waste of your time and theirs. Just log it for future reference and move on.

Persistent attacks are another form of harm because they continually divert resources away from other tasks. If that darn script kiddie just won't go away or starts to escalate attacks as you lock things down, it's time to do something about it. Sooner or later, that kiddie is going to do someone serious harm even if it isn't to you.

Just MHO,
Chuck