Honeywall: CDRom Bootable Honeypot!
Results 1 to 7 of 7

Thread: Honeywall: CDRom Bootable Honeypot!

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Honeywall: CDRom Bootable Honeypot!

    I got a note via one of the SecurityFocus lists asking about wanting to beta test the Honeynet's Project's new toy: The Honeywall. Apparently this will be a bootable CDrom honeypot, pre-fab and preconfigured kind of concept. I found this PowerPoint Slide Presentation that talks about it.

    Anyone else know anything more about the project?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    The Honeywall is a bootable CD, which boots into a preinstalled and preconfigured build of Linux. It acts as a gateway to a network of computers, each of which will function as a Honeypot. All the technologies required to capture and control data passing through the Honeywall have been pre-installed and are easily configured through an intuitive menu system. IPTables is used for data control, while Snort is used for data capture. All software deployed is open-source and as such, the only cost required in building your own honeynet is the hardware and the honeypot operating systems. But what is more important and what was the initial goal of the project is that the tool allows honeynet technology to be deployable in a standardised form that is simple to configure and easy to use. With the use of Honeywalls, organisations will be able to deploy their own honeynets to help observe malicious activity within their organisations, a regular but until now un-monitored occurrence.
    http://www.mii.ie/msd/general_views_....asp?recID=123

    It follows GenII guidelines http://www.linuxvoodoo.com/resources/security/gen2/

    Can't find an ISO, but it looks like you could basically build it yourself with the Sebek tools. http://project.honeynet.org/tools/sebek/
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Actually, I just got the following email on the list:

    One of the goals of the Project (PhaseIII) is to release a bootable Honeywall CDROM to the community:

    (http://www.honeynet.org/misc/project.html).

    This implementation allows the user to easily deploy a Honeynet without having to worry about putting all the right pieces together to enable the data capture and data control requirements for a Honeynet. Instead, the
    user can focus their time and energy in deploying/analyzing the honeypots that reside behind the honeywall.

    We hope to have the image publicly available by the end of April or early May in the form of a beta release.
    So it's coming soon.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Where are the log keep? Network Drive? USB Key (Size??) ?
    -Simon \"SDK\"

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    I believe the logs are kept on a Sebek server.
    It has two components. The first is a client that runs on the honeypots, its purpose is to capture all of the attackers activities (keystrokes, file uploads, passwords) then covertly send the data to the server. The second component is the server which collects the data from the honeypots. The server normally runs on the Honeywall gateway.
    http://project.honeynet.org/tools/sebek/sebek_intro.png is the Sebek architecture.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    this sounds useful indeed.
    Trappedagainbyperfectlogic.

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Update... The cd has been released:

    The Honeynet Project is excited to announce the beta release of the Honeywall CDROM. This is a bootable CDROM that contains all the tools and functionality needed to operate a honeywall, including
    data control, data capture and automated alerting. The CDROM is based on William Salusky's FIRE and is designed to act as an appliance: only those tools necessary to run the Honeywall are included on the CRDOM. The CDROM has a menu interface for faster installation, configuration, and maintenance; it also has advanced features that allow users to create customized .iso images. In addition, we are releasing the paper "Know Your Enemy: Honeywall CDROM." This KYE paper is an overview of the CDROM, how it works and is configured, issues and limitations, and several deployment examples.

    NOTE: This CDROM is considered beta. This means the odds of this CDROM image having bugs or other issues is extremely high. Please submit any problems you have to our bugserver, https://bugs.honeynet.org. Also, since this CDROM automates the process of deploying honeynets, it's that much easier to shoot yourself in the foot. Be sure you read all documentation and understand the concepts and risks of honeynets before deploying one of these (you have been warned).

    The Honeywall CDROM homepage http://www.honeynet.org/tools/cdrom

    KYE: The Honeywall CDROM http://www.honeynet.org/papers/cdrom
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides