📅 Original date posted:2016-08-25
📝 Original message:On Thu, Aug 25, 2016 at 02:54:47AM +0000, James MacWhyte via bitcoin-dev wrote:
> I've always assumed honeypots were meant to look like regular, yet
> poorly-secured, assets. If the intruder could identify this as a honeypot
> by the strange setup (presigned, non-standard transactions lying around)
> and was aware that the creator intended to doublespend as soon as the
> transaction was discovered, wouldn't they instead prefer to not touch
> anything and wait for a non-bait target to appear? Is the assumption here
> that the intruder wouldn't know this is a honeypot, or that they would know
> and it's just assumed that they would rather take their chances on this
> instead of causing some other trouble?
That strongly depends on the value of the compromised machine to the
attacker. If he has syphoned all the data from it and has no further
use for it then the he will probably trip the tripwire to get the
coins even though this will make the compromise apparent. If however
he is planning to use it as a foothold to further compromise your
company, send spam or similar, he will likely try to avoid these
tripwires. In which case a classic honeypot, that attempts to look
like a regular system is what you're looking for.
Christian Decker [ARCHIVE] /
npub1wt…gtuyn
2023-06-07 17:53:09
in reply to nevent1q…tvvz
Author Public Key
npub1wtx5qvewc7pd6znlvwktq03mdld05mv3h5dkzfwd3dc30gdmsptsugtuynPublished at
2023-06-07 17:53:09Event JSON
{
"id": "d081011a0f5496f2e4f7a1f7279a5b21b620616cd9d9b0828f7760c832c2a2d5",
"pubkey": "72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057",
"created_at": 1686160389,
"kind": 1,
"tags": [
[
"e",
"a20afac7ea0a5c51cb16d367c8c956d81c0793daf776d5b4fced12052517c6d2",
"",
"root"
],
[
"e",
"441811ac5d2ce7ac821c35590812e769027fd546ae4e262b0c328bdd66d86c94",
"",
"reply"
],
[
"p",
"52e5d0646af3ea5ccb6c4bd31237d6068258a11ace3ac40f02466a3f89342928"
]
],
"content": "📅 Original date posted:2016-08-25\n📝 Original message:On Thu, Aug 25, 2016 at 02:54:47AM +0000, James MacWhyte via bitcoin-dev wrote:\n\u003e I've always assumed honeypots were meant to look like regular, yet\n\u003e poorly-secured, assets. If the intruder could identify this as a honeypot\n\u003e by the strange setup (presigned, non-standard transactions lying around)\n\u003e and was aware that the creator intended to doublespend as soon as the\n\u003e transaction was discovered, wouldn't they instead prefer to not touch\n\u003e anything and wait for a non-bait target to appear? Is the assumption here\n\u003e that the intruder wouldn't know this is a honeypot, or that they would know\n\u003e and it's just assumed that they would rather take their chances on this\n\u003e instead of causing some other trouble?\n\nThat strongly depends on the value of the compromised machine to the\nattacker. If he has syphoned all the data from it and has no further\nuse for it then the he will probably trip the tripwire to get the\ncoins even though this will make the compromise apparent. If however\nhe is planning to use it as a foothold to further compromise your\ncompany, send spam or similar, he will likely try to avoid these\ntripwires. In which case a classic honeypot, that attempts to look\nlike a regular system is what you're looking for.",
"sig": "4c076452809c06e1b82bdbfa5d5ef7bc4e4832308fb2a050dffc4ccf2839c347ebdbb22c4424f8f58bbf5b841785928de6c078a9ef020e22d18edc1ba7c37b2e"
}