OpenBSD 3.0 Honeypot Whitepaper
Tortured Potato writes "This white paper, by Michael Anuzis, details how he set up an OpenBSD 3.0 honeypot, watched it get cracked and then analyzed it -- all within 28 hours. Fascinating stuff...this is the first OpenBSD honeypot I've heard of."
Well, there isn't really such a thing as a secure system.
So all this pro-OpenBSD propaganda by Theo de Rat saying "OpenBSD is secure, really, always" is rather a bad thing. It lulls sysadmins into the belief that their system is safe, making them unaware of the fact that a system is never secure at all.
Of course, the sources of every OS should be explicitly checked for security holes. But this shouldn't be the single feature of an OS. In fact claiming an OS "secure" just due to these checks is serving security rather badly.
I sometimes wonder if the OpenBSD project hasn't exactly the opposite effect to that intended by its maintainers for these very reasons. On the other hand there are some cynical commentators out there, who claim that the main intent of OpenBSD is to boost Theo's ego.
Owner of a Mensa membership card.
Well for one thing the IP may be dynamic. Some other person may have been assigned that IP. Another thing is that they might have been working from a compromised system (though I doubt that in this case.)
In any case the anonymity of at least one of them was not really too well protected as several of the posts above indicate.
For some interesting reading related to this article, take a look at the text files that come with the exploit that was used to crack this honeypot.
It's very easily possible.
http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html
Only accessed from console.