On Mon, 10 Apr 2006 12:17:15 +0200, Patrick Debois said:
> -Suppose attackers will use my honeypot to go outside, can I be held
> responsible for this?
You're certainly at greater legal risk if you were intentionally running
a honeypot rather than some clueless Windows user who got 0wned.
> -Do I need to have special agreements for this of my ISP?
First rule of pen-testing and vulnerability scanning: Always get an in-writing
"get out of jail free" card up front. This almost certainly applies to
running a honeypot - first off, it will help with the ISP. Secondly, it will
help your defense when you try to say "it wasn't me hacking the Pentagon, it
was somebody in the honeypot.." ;)