Honeypots mailing list archives
RE: Few questions about sp800-31
From: <Glenn.Everhart () chase com>
Date: Mon, 27 Nov 2006 14:48:27 -0500
Andrey -

The industry needs to use some other term than "honey pot", which suggests the systems are possibly what is termed an "attractive nuisance", i.e., something that attracts innocent passers-by to mess with it where they would not ordinarily be inclined to do so. Calling them something more neutral like "fiducial test canary boxes" or some such would not confuse legal folks.

The major problems that could arise would be if the fiducial test canary boxes turned out to be jumping off points for further attacks. Someone might accuse their operator of not using ordinary care to keep such boxes from becoming threats to others, or so I imagine.

The other issue could be that since the boxes are set up to be invaded, the operator thereof can hardly claim damage from that invasion, and some law enforcement folks might figure absent other invasions that they cannot make much of a case.

Glenn Everhart

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Kuznetsov A.N.
Sent: Monday, November 27, 2006 8:27 AM
To: honeypots () securityfocus com
Subject: Few questions about sp800-31

Hi list,

Recently I have read sp800-31 (NIST Special Publication on Intrusion Detection System) and have some questions about it. On page 28 they wrote about disadvantages of Honey Pots and Padded Cells:

- The legal implications of using such devices are not well defined

What kind of problems with the law can anyone have when using a Honey Pot or Padded Cell? The best thing I can guess is that there can be some problems if the IDS redirects a legal user to a Padded Cell and he gets wrong info.

- An expert attacker, once diverted into a decoy system, may become angry and launch a more hostile attack against an organization’s systems.

How can such sentences be in official documents? Thinking in such a way, we should disable all security mechanisms in order to not make the attacker angry.

Sorry for my English^)

--
Best regards,
Kuznetsov Andrey
pm_kan () mail ru