discuss: Honeypot Howto
Subject: Re: Honeypot Howto
From: Alexander Bartolich ####@####.####
Date: 12 Jul 2002 11:53:05 -0000
Message-Id: <18818.1026474762@www6.gmx.net>
Alan Evans wrote:
> [...] Anyway I am writing to put forth an idea for
> a HOWTO I would like to author and submit.
Nice.
> [...] Here is [...] a general outline.
> [...] Legal implications ??
IMHO a very interesting item.
Am I liable for harm caused to third parties through
intruders with the help of my honeypot machine?
How fast must I react if I notice such activities?
> [...] Serial port logging (don't know much about
> this!! May need help here)
I guess you don't mean TCP/IP over a SLIP connection.
What about the Remote-Serial-Console-HOWTO?
http://www.tldp.org/HOWTO/Remote-Serial-Console-HOWTO/index.html
> Logging bash_history to the syslog
Is that really an issue?
What about 'exec tcsh' or
rm -f .bash_history
ln -s /dev/null .bash_history
> Snort
Is that the only IDS you consider?
IMHO there are enough of them to write an extra HOWTO:
http://www.networkintrusion.co.uk/ids.htm
> [...]
> Why VMWare
> Why Linux-Linux
Is user-mode kernel any good for your purpose?
http://user-mode-linux.sourceforge.net/
> I look forward to comments and to hearing if this is a good idea.
I'm just a spectator on the list.
But I think the official LDP people will like it.
Just do it. And accept feedback generously.