Honeypots mailing list archives

Re: Introducing the Tactical Honeynet Deployment Project


From: Chris Reining <creining () packetfu org>
Date: Tue, 2 Sep 2003 16:44:55 -0500

On Tue, Sep 02, 2003 at 12:43:47PM -0400, Scott Garman wrote:
> Some intermediate-level attackers might break into a few systems for
> political purposes. Running a site on the theme of a political or social
> cause could attract this kind of blackhat. Keeping the system well
> hardened is generally enough to raise the bar above script kiddies.

They *might*. I see a barrier to this type of deployment in the cost
that it will take to both buy a domain that will be a target of hacktivism
and do all the legwork of getting the machine/website up. And if it's
not a high profile site, as in the case of a honeypot-centric setup, I
don't see why an attacker would even be enticed.

Perhaps a better idea would be to try and find defunct organizations
and take over their domain or get it when it expires. This would
probably be a lengthy process but you'd have a domain with some
establishment.

> Also, wouldn't breaking into the site of a self-proclaimed "security
> expert" be something that an egotistical blackhat would love to brag
> about?

Again, you need something with establishment. I remember Theo de Raadt,
k2, and Ryan Russell supposedly getting hacked by el8 (I may be off on
this, please CMIIW). Nobody, except the kiddies, is going to want to
hack a nobody claiming on IRC they're 1337.

> For these two scenarios, you still won't be catching well-disciplined
> professionals, but you might get more interesting attacks, possibly

I agree.

Chris
