Ketchup wrote:
1. You can be liable for damages if your honeypot gets pwned and is used to cause damage elsewhere.
True, although depending on the type of honeypot this is no worse than any other live system. If it gets 0wned, bad people can do bad things with it.
It's for this reason that I only run low-interaction honeypots (Nepenthes and a couple of small custom scripts). As low-int honeypots only emulate the vuln rather than actually having the vulnerability, you should, in theory, be safe. (Unless there is an additional vulnerability in your honeypot application.)
High-interaction pots scare the bejeesus out of me and I wouldn't recommend touching them. Although I did once stick an unpatched XP box on a public IP and waited for some action; didn't even get the kettle boiled before I pulled the power.
Ketchup wrote:
2. If improperly configured, your honeypot could be violating wiretapping laws. I am assuming this is a more serious issue in the UK since your privacy laws are much more substantial than ours.
tbh I've not given it any thought until now, but I'm not sure if wiretapping should be an issue with honeypots, as we're not intercepting traffic meant for another device, only stuff that targeted the honeypot itself (either maliciously or via misconfiguration). From a wiretap perspective I would have thought an IDS or IPS would be at greater risk of violating wiretap laws than a honeypot, and these are widely considered 'best-practice' technologies. (And don't get me started on 'privacy' within the UK...)
Personally I think one of the main issues people have with honeypot systems is that they are largely not understood. From my experience I find them to be a very useful addition to aid a sys & network admin to get a better understanding of the threats facing their systems, but as the legal position seems 'unknown' I'll refrain from suggesting anyone gives it a go...