Date: Thu, 25 Aug 2016 16:27:32 +0200
From: Christian Decker <decker.christian@gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Capital Efficient Honeypots w/ "Scorched Earth"
 Doublespending Protection

On Thu, Aug 25, 2016 at 02:54:47AM +0000, James MacWhyte via bitcoin-dev wrote:
> I've always assumed honeypots were meant to look like regular, yet
> poorly-secured, assets. If the intruder could identify this as a honeypot
> by the strange setup (presigned, non-standard transactions lying around)
> and was aware that the creator intended to doublespend as soon as the
> transaction was discovered, wouldn't they instead prefer to not touch
> anything and wait for a non-bait target to appear? Is the assumption here
> that the intruder wouldn't know this is a honeypot, or that they would know
> and it's just assumed that they would rather take their chances on this
> instead of causing some other trouble?

That strongly depends on the value of the compromised machine to the
attacker. If he has syphoned all the data from it and has no further
use for it then he will probably trip the tripwire to get the
coins even though this will make the compromise apparent. If however
he is planning to use it as a foothold to further compromise your
company, send spam or similar, he will likely try to avoid these
tripwires. In which case a classic honeypot that attempts to look
like a regular system is what you're looking for.