From: Michael Boman [mailto:michael.boman () securecirt com]
Sent: Wednesday, June 18, 2003 11:32 PM
To: Larry Colen
Cc: Brass, Phil (ISS Atlanta); pen-test () securityfocus com
Subject: Re: Honeypot detection and countermeasures
On Wed, 2003-06-18 at 10:15, Larry Colen wrote:
> Good point. I was more envisioning a scenario where the client was
> testing the whole security system, including the honeypots. I.e.
> hiring a pen-tester without giving the pen-tester any knowledge of the
> system beforehand.
>
> If I seem like a clueless newbie, I hope that I at least seem like a
> polite clueless newbie. I'll crawl back into my hole and lurk a bit

There is a viable scenario for this. Let's say ACME Inc.
wants to do their own pen-tests because they
- Don't like to pay outsiders to do it
- Want to compete with the company
- They want to steal their tools and techniques
- insert your own paranoid explanation for the "why" bit
They hire a group of people to hack their systems and record
everything so once the exercise is over ACME Inc. now knows
the tools and techniques of that particular pen test group.
It's unlikely, but possible. Hasn't happened to me (yet).
Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com