January 13th, 2003 08:17 PM
Neat honey pot software
I was looking up the chances of making a honey pot for newbies......and i found a very interesting site. www.specter.com This honey pot has many cool functions, it can emulate a large variety of OS's and many diff services (traps). It has all the logging functions a honey pot requires aswell as alot of dummy/traps to offer. The configuration seems fairly simple, and the screen shots look very promising. The only disadvantage (for me atleast) is that its $899 US. Very expensive, but worth it for people who dont have the skills of setting up a honey pot manually and who can afford it. I was really impressed by the choices it offers. Have a look and drop me a line of your thoughts to this ready-to-use product. Ofcourse i dont want to compare this to some really advanced honey pots out there, but its really not that unprofessional.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
January 13th, 2003 09:44 PM
Honey Pots explained: http://www.antionline.com/showthread...hreadid=238631
This is a short but informative description/explanation...
yeah, I\'m gonna need that by friday...
January 13th, 2003 10:13 PM
I would say that a better (perhaps cheaper) software method is to use something like vmware, which can emulate an entire OS inside another one.
Alternatively have physical hardware honeypots, they should be effective.
IMHO, a honeypot is a very dangerous thing to set up (I have never done so) - be sure that "owners" of the honeypot can't use it as a springboard to attack others, or your own systems. This includes abuse of your resources, for instance bandwidth.
Protecting the honeypot adequately will require some clever routing & network tricks, so be sure you know what you're doing.
January 17th, 2003 05:57 PM
IMHO - If you cant setup a honeypot by hand you shouldnt be setting one up at all...
if you fsck it up you will be legally liable for any damages incurred
think about it
.....Brain Failure....dumping core.... z z z
February 12th, 2003 02:58 PM
A honeypot in an isolated part of the network can provide invaluable information about intrusion attempts. If it is vulnerable to the outside world do not connect it to the production network. You can use anything on the network as a honeypot. Just give a workstation an intresting name and monitor it to see if there is a hacker on the inside of your network. There are many ways to use honeypots. Be creative, because you know hackers will be. Remember 70% or more of the attacks on your network are going to come from the inside of the firewall. Everything from your average user not knowing what they are doing to the disgruntled employee.