Honeypots mailing list archives

Re: Honeynet Alliance Charter Question


From: Lance Spitzner <lance () honeynet org>
Date: Wed, 16 Mar 2005 13:14:47 -0600

Kill a couple of birds here with one stone :)

Greetings all,
> I was wondering if someone could explain to me the meaning and purpose of the honeynet alliance requirement 4.8 involving data capture.

The Alliance charter was first drafted in 2002, three years ago. Back then things were much simpler, predominantly script kiddie activity. Today, threats have changed dramatically; they are far more sophisticated and organized. So too have honeypots changed. Some possible examples.

- Client honeypots that initiate connections to webservers to see if they have malicious content.
- Bogus data is fed as honeytokens into Phishing spam to track how identity theft is used.
- Bots hack a honeypot and attempt to connect the honeypot to the Botnet. The honeypot then re-establishes that connection.

What worked 3 years ago no longer works today. The statement you point out in the charter is dated just like the technology. We will most likely end up changing it, as the simple terms 'passive' and 'active' no longer apply.

> I think a big part of liability depends on whether or not you are monitoring with the intent of using it in a criminal prosecution.

All data is strictly for research purposes, absolutely no prosecution. Alliance members often share their data with their local CERTS. For example, in our recent BOT paper, the data was collected in Germany. The German Honeynet Project has a relationship with DFN-CERT.

The challenge we always have is not only are honeypots a new technology, but The Honeynet Research Alliance is made up of independent organizations, world-wide, who perform independent research as part of an effort to contribute to the field. In other words, they are affiliated with the Honeynet Project, but distinctly separate from it. That is an important distinction, since each group operates under the laws and ethics of their own country of origin, while also following a common set of guidelines set out in our charter. We are also always trying to actively identify the legal and ethical issues involved, as you pointed out in the legal chapter of our new book (http://www.honeynet.org/book).

Hope this helps!

lance

