Honeypot for Shares in Windows.

**Dove11** · August 29th, 2006, 01:04 PM

Hello all,

I'm after some advice if possible, we have a virus/worm that appears to be propagating through our network via Open Shares. Is there a Honeypot that can emulate open shares that I would be able to use to track the source (or victim) connections from? Or is there a better way of doing this?

Thanks!

***SirDice*** · August 29th, 2006, 01:33 PM

Welcome to AO

Just take any old computer.. Open a few writable shares, drop some executables in there, hook up a sniffer and wait..

**Dove11** · August 29th, 2006, 01:48 PM

Thanks for that - I'm downloading Ethereal now.

***SirDice*** · August 29th, 2006, 02:06 PM

Originally posted here by Dove11
Thanks for that - I'm downloading Ethereal now.

Good choice

If the "old computer" can run XP, turn on File and Object auditting and audit any write action to those shares. It's probably easier to read the security eventlog then it is to wade through a couple of megabytes of sniffer data. You'll have a basic time frame to look for..

Thread: Honeypot for Shares in Windows.

Thread Tools

Display

Honeypot for Shares in Windows.

Posting Permissions