LaBrea@Home

Discussion in 'other security issues & news' started by Scotcov, Nov 6, 2002.

Thread Status:
Not open for further replies.
  1. Scotcov

    Scotcov Guest

    http://hackbusters.net/LaBrea/lbathome.html
    Does anyone have any thoughts about using this?
    Does it really help the "cause" of security, or is more of a "game" to play with hackers?
    Thank you for your thoughts and opinions.

    Scotcov
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Well, a couple of thoughts...

    First, be very cautious whenever you start thinking about trying to toy with or out smart the other guy. You don't know who is at the other end of a connection, and you don't know what their capabilities are or their intentions.

    The only people that I think should be using tools to track, honeypot or tarpit hackers (or even script kiddies, for that matter - keeping in mind what I said above about not knowing the person on the other end) are people with the necessary skills, knowledge and setups to create their own honeypots or tarpits, and who don't need such a tool as the one linked.

    Whenever we attempt to use a product like this, to help us play at a level that is beyond our own skills, we are asking for trouble. Defensive applications, like firewalls and AV/AT are one thing, we should use those, but this product? No, that's a little much. We need to be careful we don't become like the script-kiddie - delving into areas we don't understand, upon the power of someone else's tool.

    Secondly, be sure this product's functions are within the TOS of your ISP before installing and using them. I, for example, could not use this tool. It makes it look like I have a webserver on port 80. My ISP does not allow people with my connection package to run servers. Their automated scanning bots might well find this product listening and responding on port 80 and I'd be warned about running a webserver.

    In any case, I don't recommend this or any other such product. Just defend yourself and don't attract the attention of the bad guys. Your online life will be easier that way.

    Best Wishes,
    LowWaterMark
     
  3. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    I'm afraid to ask.......what is it ?? :D

    bill
     
  4. snowman

    snowman Guest

    LowWaterMark

    I was very impressed by your post....an truely wish others would offer the same so good advice......

    many folks don't seem to realize the dangers involved...
    nor how quickly a computer can be trashed....

    snowman
     
  5. cnm

    cnm Spyware Expert

    Joined:
    Oct 18, 2002
    Posts:
    39
    Location:
    Sunnyvale, CA
    Tar pits and honey pots are really for enterprise servers. They would usually have a whole server set aside to be the tar pit or honey pot. Without a spare networked computer, I wouldn't try it :rolleyes:
     
  6. Scotcov

    Scotcov Guest

    Thank you cnm and LowWaterMark. Very helpful answers. I definitely won't touch it!

    Many Thanks,
    Scotcov
     
  7. Scotcov

    Scotcov Guest

    I have to repeat my thanks to you guys/gals for the thoughtfullness and knowledge of the answers you gave me. I posted my question after I had read somewhere (I don't remember where), a group of people touting this tarpit use. They claimed that it was great for stopping hackers, and was easy to use. But I really got the feeling that they all saw it as some kind of fun game.
    I knew I only had one place to turn for the correct answer! :D
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    What LowWaterMark says is true. It may not be wise to try to duke it out with someone who could potentially cause you more grief than it is worth is you are not knowledgeable enough.

    That being said I have used Labrea extensively and found it did indeed tar connections. At first it was really exciting to tar some IP get stuck. Miraculously, I was running a real web-server on the same machine and there was no conflict! I am not currently running it, but now that you mention it I'll crank it up again. The last time I was at there site they said they were going to make it configurable to any port. I have no idea if they have yet. A 100,000 tar pits on 137 would be of benefit right about now.
     
Loading...
Thread Status:
Not open for further replies.