Re: Honeyd on firewall machine ?
From: erik (erik_at_geenspam.vanwesten.net)
Date: 09/23/04
- Previous message: Rich Teer: "Re: Beta testers needed - C to Java byte-code compiler/IDE"
- In reply to: George Pontis: "Honeyd on firewall machine ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 23 Sep 2004 19:03:33 +0200
George Pontis wrote:
> Is it folly to run honeyd on a firewall machine? I see comments to
> the effect that one should not do this since a honeypot will be
> interacting with hostile agents. But the firewall logs show that the
> firewall is interacting with hostile agents all the time.
But a firewall should not run services. Any services. Certainly not
supposedly vulnerable services. That is plain stupid.
>
> While I do separate the mail and other servers in a small business
> environment, I am comfortable running spamd on the firewall and watch
> the log with some interest. Could I reasonably do the same with honeyd
> in a systrace sandbox?
Use a machine in a dmz, safely contained...
EJ
--
Remove the obvious part (including the dot) for my email address.
http://www.vanwesten.net for examples of ipf and pf.