On Sat, Dec 29, 2007 at 18:08:10 -0800, Tod Merley <todbot88@xxxxxxxxx> wrote: > > Honey pots are more of a risk I would agree. Containment is a real > issue since the goal of many exploiters is to use your machine to > spread their wares. I guess I am hoping that the containment issues > can be resolved so we can have them as a tool to see what got in - > what it was and how it grows - hopefully to be able to go and deal > with it's progenitor. You also need to consider that you could be held liable for attacks made out from your honeypot. Containment isn't simple. If you block outgoing connections the attcker is going to notice right away. Trying to selectively block connections without tipping off the attacker is tricky. Personally I think they are way to much of a time sink to be beneficial to improving security for a home user. A large enterprise or a cooperative effort are where they can be useful.
