
Re: [cobalt-users] PortSentry works !



Hi Clark,

> Not two weeks ago did I have this idea, seriously. Then I thought I'd
> hang a giant "Hack Me" sign around my neck.

The sign is on your neck the second you start *thinking* about putting a box
online. I say, wear it with pride. :-)

But seriously, considering the legal stuff that is thrown in every now and
then, wouldn't that possibly be one possibly *huge* honeynet without anyone
but a few good (wo)men knowing? Have I said "possibly" yet?

Legal stuff is involved with honeypots and honeynets. Turn to
http://www.wired.com/news/culture/0,1284,42233,00.html for some details. So
the question would arise whether or not such a list would even be legal to
share. Or am I overdoing it here?

Although the thought itself is very nice and of course very functional, I
have more faith in somewhat more reactive security measures. I do my best to
be secure by default. You treat me to a nice portscan? Fine, ISP gets info,
ipchains will deal with you next time. It has worked so far. [knock on wood]

I'd hate to send some young guy to the everlasting Nirvana bitbucket that
might well be my customer once the pimples fade away, just because he treated
you bad.

> Actually, if someone maintained this discreetly for trusted users and
> published the list someplace else, well that could be workable.

... and have "someplace else" get hacked. Kewl! Who has an old NT box lying
around? <grin>

If certain rules apply, this list could be of great value of course. I am
not denying you that, but I hope an IP won't get dropped on the list because
of one scan. In the past I have done some portscans, although very few, to
find out what other companies & universities were doing to secure their
network. A scan *can* be educational.

Should you add an IP based on an attack on your machine & Carrie's and
Rodolfo is crying somewhere in a corner, I say go. Sign me up!

Have a good one... Nico