RE: Effectiveness of a Honeypot

From: Gregory_DeGennaro@csaa.com
Date: 08/27/01

• Previous message: Reeves, Michael (GEAE, Compaq): "RE: Effectiveness of a Honeypot"
• Maybe in reply to: matheny: "Effectiveness of a Honeypot"
• Next in thread: Jonathan Rickman: "RE: Effectiveness of a Honeypot"
• Reply: Jonathan Rickman: "RE: Effectiveness of a Honeypot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <97E963187BE1D211AF210008C7916094062C8892@EXCHMO03>
From: Gregory_DeGennaro@csaa.com
To: michael.reeves@ae.ge.com, matheny-ids@dbaseIV.net, focus-ids@securityfocus.com
Subject: RE: Effectiveness of a Honeypot
Date: Mon, 27 Aug 2001 09:05:04 -0700

A lot of security professionals will agree with Mike.

I asked two other well noted security professionals and they stated the
same.

Most of them think it is too risky to place on the company network.

If you want to play with a honeypot, make sure you get the honeypot is on
its own network and
make sure it will not draw attention to your company. Nothing worse then a
pist off cracker.
Some people have paid dearly for embarrassing a cracker, you may not want to
be one of them.

Here is a site to check out for more information.

http://project.honeynet.org/

-----Original Message-----
From: Reeves, Michael (GEAE, Compaq) [mailto:michael.reeves@ae.ge.com]
Sent: Monday, August 27, 2001 8:16 AM
To: 'matheny'; focus-ids@securityfocus.com
Subject: RE: Effectiveness of a Honeypot

I will give my 3 cents on this issue. Unless you are wanting to do research
on new tools in the wild or trying to learn a little about root kits etc. I
feel honeypots are more of a risk than anything. What better way to draw
attention to your network than having a wide open host. Now if you are
looking to snag someone internal they are great as long as they are not
accessable via the net. I am just not sure how effective sacraficing a lamp
to save the herd when it brings all the hungry wolves to the fence.

Mike

---

• Previous message: Reeves, Michael (GEAE, Compaq): "RE: Effectiveness of a Honeypot"
• Maybe in reply to: matheny: "Effectiveness of a Honeypot"
• Next in thread: Jonathan Rickman: "RE: Effectiveness of a Honeypot"
• Reply: Jonathan Rickman: "RE: Effectiveness of a Honeypot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Effectiveness of a Honeypot ... Subject: Effectiveness of a Honeypot ... Admittedly it only caught a subset of the infected hosts, ... is that an IDS or a Honeypot? ... > Subject: Effectiveness of a Honeypot ... (Focus-IDS) RE: Effectiveness of a Honeypot ... Subject: Effectiveness of a Honeypot ... on new tools in the wild or trying to learn a little about root kits etc. ... this probably won't divert them from attacking and b.) ... (Focus-IDS) RE: Effectiveness of a Honeypot ... Subject: Effectiveness of a Honeypot ... There must be intent to commit a crime before one can be brought up on ... the law must be written before it is a crime. ... (Focus-IDS) RE: Effectiveness of a Honeypot ... Subject: Effectiveness of a Honeypot ... 2.Exploit Based (Use a Set of Exploits against a chosen target) ... people are setting-up Webservers all over the company's ... (Focus-IDS) Re: Reporting Probes ... Are you running a honeypot and collecting and compiling compelling ... Mike ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2001-08