-
July 24th, 2004, 11:31 PM
#1
setting up a honeypot
I want to set up and play around with a honeypot.
I have a seperate box to implement it on, but would need it to be part of my network in order to achieve internet connectivity.
I've been searching and have found tons of information, but am having trouble shifting through it all and zero'ing in on what is relevant to what I want to do.
Does anybody have experience with any of these particular programs?
Back officer friendly
honeyd-win32
kfsensor
These are the programs I've found that look like they may work for me....I just need to figure out which one to focus on.
Any input on these programs, or additional ideas would be great.
Faqt
If you want to make God laugh....make plans.
-
July 24th, 2004, 11:41 PM
#2
-
July 24th, 2004, 11:54 PM
#3
that one looks great.....at least there's plenty of documentation to start reading.
Thanks Soda_Popinsky
Faqt
If you want to make God laugh....make plans.
-
July 25th, 2004, 06:03 AM
#4
Junior Member
Honeyd is pretty good if your interested in using windows. The other thing I want to recommend just-in-case... if you dont have premission from your ISP be careful, you may be breaking some rules if you allow the attacker to get out using your honeypot (i.e. he is using your box as a hop to attack other machines). And, of course make sure that the rest of your network is behind a firewall... keep the honeypot in a demilitarized zone, there is always a chance that implementing a honeypot could give an attacker easier acess to the rest of your network. Also another thing that I found gets me more hits on my honeypot is I have two old laptops on my network to generate traffic to it.
-Shell_Coder
-
July 25th, 2004, 08:02 AM
#5
Looks good, Thanks for the URL
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle
-
July 29th, 2004, 12:13 PM
#6
I've begun reading documentation on honeypots, including:
http://www.tracking-hackers.com/papers/honeypots.html
http://project.honeynet.org/papers/gen2/index.html
http://project.honeynet.org/papers/vmware/
http://project.honeynet.org/papers/virtual/
My question is, what will happen if/when several major honeynets connect together using Virtual Private Networking (VPN)...creating a honeyweb of sorts?
Could active directory then be used to allow all honeynet admins access to the info gathered by all the individual honeynets in this honeyweb?
Sorry if these seem kinda silly....I just finished some reading and these are the thoughts rolling around my head.
Faqt
If you want to make God laugh....make plans.
-
July 29th, 2004, 06:50 PM
#7
Senior Member
Well...actually...wouldnt it just block the connection or somethin? Im a home user so i dont need/use VPN
-
July 29th, 2004, 07:55 PM
#8
I Know this should be in books review , but feel it relevant to this thread. I would recommend this book to anyone interested in, and who would like to know more about honeypots
Honeypots:Tracking Hackers
By Lance Spitzner
Publisher : Addison Wesley
Pub Date : September 13, 2002
ISBN : 0-321-10895-7
Pages : 480
Computer says no
(Carol Beer)
-
July 29th, 2004, 10:15 PM
#9
yeah....I'm about due for some new book purchases, and that is one that is on my list.
Faqt
If you want to make God laugh....make plans.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|