
Fishing for Hackers: Analysis of a Linux Server Attack (2014) - pmoriarty
https://sysdig.com/blog/fishing-for-hackers/
======
elipsey
How much do we know about honeypot liability?

It seems like the last time I looked into this, precedents were not well
established. In school, we avoided the issue by only doing exercises on
virtualized networks not routed to the real internet.

I have been tempted to do this sort of thing myself, but I am uneasy about it.
This would seem more defensible under the auspices of protecting a private
business owned network, behind other layers of security, and one would also be
backed by an organization with deep pockets and skin in the game. Doing this
alone with willfully mis-configured servers on the public internet seems to
rely on luck, in the hope that the attackers won't attract the attention of
anyone important...

~~~
Rjevski
If I was doing this I would at least limit the outbound bandwidth of the
server to something like 1 Mbps or so. Won’t protect against more
sophisticated attacks but would at least make any DoS attempts ineffective.

------
apurvadave
Another good honeypot story, this one using Sysdig Falco as an intrusion
detection engine:

[https://labs.mwrinfosecurity.com/blog/high-interaction-honey...](https://labs.mwrinfosecurity.com/blog/high-interaction-honeypots-with-sysdig-and-falco/)

------
josephv
[https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espiona...](https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787)

Honeypots are good fun. This book introduced me to them many years ago at
university.

------
pmoriarty
There's also part 2:

[https://sysdig.com/blog/fishing-for-hackers-part-2/](https://sysdig.com/blog/fishing-for-hackers-part-2/)

------
baud147258
It needs a 2014 in the title, even if the content is still relevant.

------
rayvy
Read the whole thing through. Awesome stuff, not too crazy/low-level, and
presented in an easy-to-understand, sequential way. Great stuff.

------
iask
Are there similar Windows tools like Sysdig?

