8 comments

[ 3.2 ms ] story [ 27.4 ms ] thread
It needs a 2014 in the title, even if the content is still relevant.
Read the whole thing through. Awesome stuff, not too crazy/low-level, and presented in a easy-to-understand, sequential way. Great stuff
How much do we know about honeypot liability?

It seems like the last time I looked into this, precedents were not well established. In school, we avoided the issue by only doing exercises on virutualized networks not routed to the real internet.

I have been tempted to do this sort of thing myself, but I am uneasy about it. This would seem more defensible under the auspices of protecting a private business owned network, behind other layers of security, and one would also be backed by an organization with deep pockets and skin in the game. Doing this alone with willfully mis-configured servers on the public internet seems to rely on luck, in the hope that the attackers won't attract the attention of anyone important...

If I was doing this I would at least limit the outbound bandwidth of the server to something like 1 Mbps or so. Won’t protect against more sophisticated attacks but would at least make any DoS attempts ineffective.
Are there similar windows tools like Sysdig?