On Wed, 27 Apr 2005 17:13:45 -0400
Matthew Miller <mattdm@xxxxxxxxxx> wrote

> On Wed, Apr 27, 2005 at 10:56:38AM -0500, Aleksandar Milivojevic wrote:
> > >there are numerous brute force ssh attacks in the web.
> > >I was quite curious, and for fun, I created the typical
> > >user accounts and set easy to guess passwords....
> > Generally, very bad idea. Unless you know exactly what you are doing,
> > which you obviously don't.
>
> What's the harm? I mean, assuming you're planning on doing a limited,
> controlled experiment?

I'd want users who try this to be a bit more prepared.

If, for instance, you set up a honeypot without firewalling it off from the rest of your local net, you're practically inviting a new sysadmin, so to speak.

If you're going to set up a honeypot, I'd suggest setting up a full honeynet, firewalled away from anything important, traffic monitored from outside the honeynet. (Otherwise, you tend to miss the most interesting stuff, anyway.)

There's just a lot of traps you can fall into (this thread shows several examples). If you have the spare hardware and time, though, go for it.

One thing -- I'd want to make sure the BIOS on every box inside the honeynet is write-protected physically, and I'd plan on sacrificing the hard drives.

--
Joel Rees <rees@xxxxxxxxxxx>
digitcom, inc. 株式会社デジコム
Kobe, Japan +81-78-672-8800
** <http://www.ddcom.co.jp> **