As Relyt said, pick up a copy of "Honeypots - Tracking Hackers". It's written by Lance Spitzner and is an excellent, excellent book. It's very informative, yet a relatively easy read at the same time. I did an independent study course last year on honeypots and that was the book I used as a text.

While Back Officer Friendly is pretty much the only free Windows honeypot I can think of, it's also incredibly lame. It's a low interaction honeypot, which means that all it does is throw up some open ports and then log whenever anyone connects to them. However, that's *all* it does...where as some low interaction honeypots will emulate a service. Another downside to BOF is that it doesn't take a brain surgeon to ID it. You can connect to it's wanna-be telnet port, type a login and password, but the password shows up as you type it. I've never telnetted into a box where that's happened. Quite honestly, I'd barely say that it was worth a look.

However, if you really want to get into some cool honeypots, use VMWare like Mittens said, but throw a Linux flavor on a virtual machine and then check into either Honeyd (my fav.), LaBrea, or the Deception Tool Kit. I'm pretty sure you may have to compile them from source, I know for a fact Honeyd you will, so you'll need to make sure you have a C compiler installed.

Happy Honeypotting...

Alpha