Mailing List Archive


Re: [tlug] Honeypots



On Thu, Apr 11, 2002 at 05:47:38PM +0900, Christopher SEKIYA wrote:
> > The author says "if you have an insecure system it will be compromised"
> 
> ...
> 
> > My Redhat 6.2 server Honeypot was compromised
> 
> ... and we are surprised why?

Surprised? Anyone worth their salt shouldn't be surprised, but speaking
honestly, I know a lot of people who are supposedly competent enough to
run systems and are surprised.  If they weren't and people were really clued
in then security would not be the messy problem that it is today. Still
no one should be surprised.

> 
> If one deploys a machine with a direct (i.e., non-port-filtered) connection to the
> outside world without first locking it down, it _will_ be compromised.  Especially if
> it is a RedHat box -- more rootkits for RH flavours than any other UNIX.

Yep. The scary thing is he asked a coworker, who was apparently a *nix user,
for a copy of RH, and the guy gave him 6.2.  I know its security is sieve-like
but I wonder how many people just hear Linux is more secure than Windows
and just assume it's safe.  The whole "lock down your systems and learn about
security" mantra can't be repeated enough.  I like things, even oddities like
honey pots, that bring attention to how serious security issues are with
hard numbers.  I have met people[1] who think security break-ins only happen
to big companies or well known sites.  They need to be bludgeoned with a
clue-by-four, and this is just the sort of thing that will bring the message
home[2].
> 
> I'm not convinced of the utility of a honeypot.  Reminds me of a bit that Robin
> Williams did at the Met: "it won't stop 'em, but it sure as hell will amuse them for
> awhile".
> 

I have the feeling that people who set up honey pots are almost like those
people on the wildlife shows[3] that go out, tranquilize the animals, tag
them, and let them go.  They think they are studying some sort of animal.
They let them into their cage, watch 'em thrash around for a bit and
let 'em go. I don't think many of them are nearly as interested in improving
security as they are in 'understanding how these hackers think'.  Definitely
a waste of time in many respects but at least it can make an interesting
read when you're bored.

--Matt

