Penetration Testing mailing list archives
Re: [PEN-TEST] Recourse Technologies -- info wanted
From: Ryan Permeh <ryan () EEYE COM>
Date: Tue, 3 Oct 2000 10:01:09 -0700
I have some qualms about putting a "target" on my network. I understand that they may facilitate tracking an attacker, but honestly, why not invest your money into building a secure architecture in the first place? A fake "insecure" host or network may lead an attacker to find a vulnerable real host there. I understand a honeypot's use in an academic or research environment, but as an enterprise appliance, it seems like a pretty poor idea.

I agree with Mark on building traps on existing insecure operating systems, but I'd take it one further: an unknown, proprietary operating system isn't better. Just because no vulnerabilities have been found doesn't mean that no vulnerabilities exist, and even honeypot designers can make mistakes. A host-based IDS (or decent systems accounting) paired with an integrity checking system like Tripwire can maintain the integrity of your system and allow you to track user actions and attacks. And it won't place a big bullseye on your back at the same time.

As for back tracing, I'd like to see more information on this before making any deep judgement. I'm not going to say it's impossible, but I'd find it hard to believe that anything ManTrap could do couldn't be replicated with a sniffer or IDS system. (Packet inconsistencies, etc. can all be watched for, as can sequences of out of sync TCP packets.)

Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com

----- Original Message -----
From: "Mark Teicher" <mark.teicher () NETWORKICE COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, October 03, 2000 8:40 AM
Subject: Re: Recourse Technologies -- info wanted

Yes, I evaluated an earlier version of their ManTrap and ManHunt application prior to the recent release. It has a long way to go before it can be deployed in an enterprise type environment. I had a lot of issues with them designing a HoneyPot like application on top of a known operating system. It didn't really make much sense to me, and still doesn't. I have been trying to set up a meeting with them to discuss the various issues and have continued to re-schedule so there I have given up providing them any information that may help them improve their product at an enterprise level.

Supposedly they have a nifty BackTrace (hacker trace) and supposedly are able to reveal a SPOOFED IP address and reveal the real source of the traffic. At InterOp, they could not demonstrate this for me.

/mark

At 07:05 PM 10/2/00 -0700, Andrew Teklemariam wrote:

Hello:

Has anybody dealt with or know about Recourse Technologies (www.recoursetechnologies.com) and its products? Any info is appreciated.

Thanks,
-andrew