Re: Honeypot detection and countermeasures

From: Larry Colen (lrcrypto_at_red4est.com)
Date: 06/18/03

    Date: Tue, 17 Jun 2003 19:15:01 -0700
    To: "Brass, Phil (ISS Atlanta)" <PBrass@iss.net>
    
    

    Good point. I was more envisioning a scenario where the client was
    testing the whole security system, including the
    honeypots. I.e. hiring a pen-tester without giving the pen-tester any
    knowledge of the system beforehand.

    If I seem like a clueless newbie, I hope that I at least seem like a
    polite clueless newbie. I'll crawl back into my hole and lurk a bit
    more.

       Larry

    On Tue, Jun 17, 2003 at 09:52:08PM -0400, Brass, Phil (ISS Atlanta) wrote:
    > I think most pentest clients are more concerned with the safety of their
    > production systems - why pay somebody to attack a decoy? To see how
    > effective the decoy is? I haven't seen that level of paranoia in any of
    > my clients.
    >
    > Pointing a pentester at a honeypot could easily result in them spending
    > all their time breaking into the honeypot network. Since many clients
    > expect to see if their production systems are at risk during a pentest,
    > this would be counterproductive.
    >
    > Phil
    >
    > > -----Original Message-----
    > > From: Larry Colen [mailto:lrcrypto@red4est.com]
    > > Sent: Tuesday, June 17, 2003 6:03 PM
    > > To: pen-test@securityfocus.com
    > > Subject: Honeypot detection and countermeasures
    > >
    > >
    > > I'm doing some research on honeypot detection, and preventing
    > > honeypots from being detected. I'd greatly appreciate some
    > > feedback from pen-testers on the following issues:
    > >
    > > Do you worry about being detected by honeypots?
    > >
    > > When you do a pen-test, do you already know of the existence
    > > of honeypots, and their location, so that it is an easy
    > > matter to avoid them?
    > >
    > > If you are concerned about honeypots, how do you test to see
    > > if the system under attack is a honeypot or a production machine?
    > >
    > > Thanks,
    > > Larry
