RE: honeypot in conjunction with pen test?

From: Aleksander P. Czarnowski (alekc@avet.com.pl)
Date: 06/05/02


Date: Wed, 5 Jun 2002 18:15:21 +0200
From: "Aleksander P. Czarnowski" <alekc@avet.com.pl>
To: <pen-test@securityfocus.com>

I don't believe that installing honeypots before a pen-test is a really
good idea.

If you consider just technological issues, the honeypots don't prove
anything during pen-tests (I assume that the pentester is a pro): many
methodologies adjust to the specific situation, so in the end different tools
would be used against your honeypot and other parts of the system. One
could argue that it is possible to sniff all of the pen-tester's traffic to
verify what tests he really performed, but in almost every case it is
just a waste of your time (unless you like strange learning approaches).

It also takes time and other resources to install a honeypot before the
tests and remove it after them. During this process you can unintentionally
modify the state of your system, so in the end the pen-test results won't
reflect the current system state.

A honeypot can also attract real attackers, and that could lead to several
consequences. One of them is interference with pen-tests.

Just my 2 cents,
Best Regards,
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


