[Fedora] Seeing input on Securing the Linux system from intrusions and attacks.
Ed.Greshko at greshko.com
Mon Dec 31 00:52:28 UTC 2007
Bruno Wolff III wrote:
> On Sat, Dec 29, 2007 at 18:08:10 -0800,
> Tod Merley <todbot88 at gmail.com> wrote:
>> Honey pots are more of a risk I would agree. Containment is a real
>> issue since the goal of many exploiters is to use your machine to
>> spread their wares. I guess I am hoping that the containment issues
>> can be resolved so we can have them as a tool to see what got in -
>> what it was and how it grows - hopefully to be able to go and deal
>> with it's progenitor.
> You also need to consider that you could be held liable for attacks made
> out from your honeypot.
> Containment isn't simple. If you block outgoing connections the attcker is
> going to notice right away. Trying to selectively block connections without
> tipping off the attacker is tricky.
> Personally I think they are way to much of a time sink to be beneficial
> to improving security for a home user. A large enterprise or a cooperative
> effort are where they can be useful.
This may have been pointed out already...not enough time to read all the
If one establishes a honeypot you may run into an unintended consequence or
two. If you set it up and have open relays and open proxies it is certainly
possible to find your network black listed to the point where legitimate
traffic won't make it to your systems.
The only one that may end up getting stung is yourself.
He who loses, wins the race,
And parallel lines meet in space.
-- John Boyd, "Last Starship from Earth"
More information about the users