Bruno Wolff III wrote:
> On Sat, Dec 29, 2007 at 18:08:10 -0800,
> Tod Merley <todbot88@xxxxxxxxx> wrote:
>> Honey pots are more of a risk I would agree. Containment is a real
>> issue since the goal of many exploiters is to use your machine to
>> spread their wares. I guess I am hoping that the containment issues
>> can be resolved so we can have them as a tool to see what got in -
>> what it was and how it grows - hopefully to be able to go and deal
>> with its progenitor.
>
> You also need to consider that you could be held liable for attacks made
> out from your honeypot.
>
> Containment isn't simple. If you block outgoing connections the attacker is
> going to notice right away. Trying to selectively block connections without
> tipping off the attacker is tricky.
>
> Personally I think they are way too much of a time sink to be beneficial
> to improving security for a home user. A large enterprise or a cooperative
> effort are where they can be useful.

This may have been pointed out already...not enough time to read all the posts...

If one establishes a honeypot you may run into an unintended consequence or two. If you set it up and have open relays and open proxies it is certainly possible to find your network blacklisted to the point where legitimate traffic won't make it to your systems. The only one that may end up getting stung is yourself.

--
He who loses, wins the race,
And parallel lines meet in space.
-- John Boyd, "Last Starship from Earth"