Honeypots mailing list archives
RE: Requiring help for implementation testing.
From: "Gregory Lemmon" <glemmon () onealwebster com>
Date: Tue, 1 Feb 2005 11:39:16 -0400
I am new to this list and just entering the infosec arena. I thought about that request myself, and the same issues arose was just not sure how to articulate the concerns. I am glad to see someone else raise it, and I am in full agreement with the position. It is not easy to do the checks and balances, to verify that you are really who you say you are, and that we are not being asked to attack a production system. Gregory -----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Monday, January 31, 2005 10:16 PM To: José Vicente Tomé Vecchione Cc: honeypots () securityfocus com Subject: Re: Requiring help for implementation testing. On Mon, 31 Jan 2005 15:00:56 -0400, =?ISO-8859-1?Q?Jos=E9_Vicente_Tom=E9_Vecchione?= said:
As many of you have lot of knowledge on this we where wondering if any of you may help us by attacking this honeypot and sharing any experience and comments about the attacks and the functionality of our honeypot.
Guaranteed that there are people on this list that could make your honeypot into a smoking pile of rubble in a few dozen packets. The problem is that there's no good way for us to know we're not about to make an actual production system into a smoking pile of rubble..... I can be fairly sure that if mail from (say) Dave Dittrich or Lance Spitzner shows up saying "Have at it..", that it's really their box and permission is granted (after I ping them at their usual e-mail address to make sure it's not a spoofed mail of course). Of course, that's due in large part to the fact that they're Dave and Lance. In general, this is a hard-to-solve problem. There's various cryptographic schemes (S/MIME and PGP being the leaders) that can be used to prove that I'm actually me and not an impostor. There's at the current time no really good way for me to prove that I actually have the authority to offer a system for attack. (In fact, a bit of thinking about "checks and balances" would show why it's a *bad* idea for me to have the authority to say anything resembling "official policy" or anything involving access control.. ;)
Current thread:
- Requiring help for implementation testing. José Vicente Tomé Vecchione (Jan 31)
- Re: Requiring help for implementation testing. Valdis . Kletnieks (Feb 01)
- <Possible follow-ups>
- RE: Requiring help for implementation testing. Gregory Lemmon (Feb 01)
- Re: Requiring help for implementation testing. Guillaume.Rix (Feb 01)
- Message not available
- Re: Requiring help for implementation testing.; Re: Re: Requiring help for implementation testing. Valdis . Kletnieks (Feb 01)