Building a simple honeypot in Windows
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Building a simple honeypot in Windows

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Posts
    11

    Unhappy Building a simple honeypot in Windows



    I'm doing a project basically on implementing a Honeypot in Window-based.

    http://www.giac.org/practical/GSEC/F...khman_GSEC.pdf
    (I'm trying to follow the whole thing here)


    I can't install Snort 2.1 (which i've downloaded from the net) into my Win2K OS.
    Could be the windows that can't read the files. Or do I really need a Linux??? But i want
    to do it all in Window-based.

    I need help here. Can someone please advise? Please guide me.
    I just need to build a honeypot and then i'll have do analysis based on ACID.
    (means i'll need real time hacking and then i'll do the analysis)

    I'm a newbie in this honeypot field although i know what honeypot is.(I read so much about it)
    Besides i need to demo this project in my college lab.

    Please....it really really URGENT...
    Cheers mate!
    -God Bless-
    [dKEV]

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Where did you download snort from? There is a chance you brought down the linux version. Anyhow, check out this link, it has a good writeup on installing snort on a Win OS.

    Cheers:
    DjM

  3. #3
    Junior Member
    Join Date
    Feb 2004
    Posts
    11
    previously i've download the Snort for Linux..oopss..
    Well, now i've download the Snort for Windows and
    followed exactly everything that was written on the site that you've gave me.

    But another major problem is that how can i link my Honeypot to this Snort?
    Means how can i read all the incoming traffic to my Honeypot??

    Cheers!
    Kev
    -God Bless-
    [dKEV]

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by kevinde
    But another major problem is that how can i link my Honeypot to this Snort?
    Means how can i read all the incoming traffic to my Honeypot??
    Snort will put the network interface into promiscueus mode and is able to see *all* traffic on that network segment (unless you're on a switch).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Junior Member
    Join Date
    Feb 2004
    Posts
    11
    I'm currently under my college network.
    I'm connected to a switch in my hostel.

    So do i have to contact my network administrator to give me a private IP?
    And do i need any software to control/monitor my Honeypot?

    Pls advise..

    Cheers
    -d[Kev]-
    God Bless
    -God Bless-
    [dKEV]

  6. #6
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    You might also want to check out kf sensor
    http://www.keyfocus.net/kfsensor/
    Its not software piracy. Iím just making multiple off site backups.

  7. #7
    Junior Member
    Join Date
    Feb 2004
    Posts
    11
    Thanks cwk9.

    Kf sensor is cool but my PC gets problem with it after reboot.
    Anyway, do u have any solutions for the problem that i've posted?
    Pls advice.

    Thanks and God Bless,
    -dKev-
    -God Bless-
    [dKEV]

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    You could put a hub in your dorm room. Then put both the honeypot and the IDS (snort boxen) on the hub, and then snort could sniff all traffic to the honeypot.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    Junior Member
    Join Date
    Feb 2004
    Posts
    11
    Thanks souleman.

    Any idea how can i get people to hack my honeypot?
    Esp. when i'm under my college network which means they have to hack them first
    to reach to my honeypot... ???
    Pls advice..

    Thanks and God Bless,
    -dKEV-
    -God Bless-
    [dKEV]

  10. #10
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Can you work with your college to get your honeypot located in their DMZ (if they have one). That way it would be visible on the internet.

    Cheers:
    DjM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •