[Fedora] Seeing input on Securing the Linux system from intrusions and attacks.
Bruno Wolff III
bruno at wolff.to
Mon Dec 31 00:30:27 UTC 2007
On Sat, Dec 29, 2007 at 18:08:10 -0800,
Tod Merley <todbot88 at gmail.com> wrote:
>
> Honey pots are more of a risk I would agree. Containment is a real
> issue since the goal of many exploiters is to use your machine to
> spread their wares. I guess I am hoping that the containment issues
> can be resolved so we can have them as a tool to see what got in -
> what it was and how it grows - hopefully to be able to go and deal
> with it's progenitor.
You also need to consider that you could be held liable for attacks made
out from your honeypot.
Containment isn't simple. If you block outgoing connections the attcker is
going to notice right away. Trying to selectively block connections without
tipping off the attacker is tricky.
Personally I think they are way to much of a time sink to be beneficial
to improving security for a home user. A large enterprise or a cooperative
effort are where they can be useful.
More information about the fedora-list
mailing list