[TriLUG] Honeypots attract flies
Sat, 13 Jul 2002 14:17:12 -0400
Once upon a time, the Honeypot idea was good. If there was a pesky fly
buzzing around your network, you could set up a Honeypot and trap that fly...
My outer network is scanned/probed/attacked over 250 times per day. That's
a lot of damn flies. If I put a vulnerable system on my outer network, it is
generally hacked in less than 24 hours, and not just by one "fly"... if
there's a script that looks for the vulnerability, then there will be a
whole swarm stepping on top of each other - each laying their favorite eggs
in the system.
No. You don't want to put a Honeypot on your outer network...
- You'll lose Bandwidth
- You could be aiding and abetting crackers in performing DOS attacks
- You become a known site to check for vulnerabilities, so scans on your
- You learn almost nothing, as 99.999% of attacks come from other
- You can't do anything useful against a hacker - you just provoke him and
then he DOSes you!!!
Leave Honeypots to the Feds. They can actually do something against a
Now, if you want to bring up an internal Honeypot, that is a whole different
game. Who inside your company is poking their virtual fingers where they
ought not? A Honeypot inside the gates might be a really good idea.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Mike Mueller
Sent: Saturday, July 13, 2002 8:42 AM
Subject: [TriLUG] Honeypots attract flies
I found this link at slashdot this AM. While reading linked articles I
recalled a conversation on this list about staged hacking to analyse
vulnerabilities. The article's topic also ties in with recent conversations
on security and exploitable flaws in OpenSSH and Apache. The idea promoted
on www.lucidic.net is to set out a "honeypot" of seemingly unprotected systems
and attract "flies" or hackers. Then you can study the flies while they do
fly things and share the results openly. This strikes me as a powerful
The whitepapers have a consistent and familiar look and feel thanks to
DocBook (my current fascination).