setting up a honeypot

Printable View

July 24th, 2004, 11:31 PM
Faqt

setting up a honeypot

I want to set up and play around with a honeypot.
I have a seperate box to implement it on, but would need it to be part of my network in order to achieve internet connectivity.

I've been searching and have found tons of information, but am having trouble shifting through it all and zero'ing in on what is relevant to what I want to do.

Does anybody have experience with any of these particular programs?
Back officer friendly
honeyd-win32
kfsensor

These are the programs I've found that look like they may work for me....I just need to figure out which one to focus on.

Any input on these programs, or additional ideas would be great.
July 24th, 2004, 11:41 PM
Soda_Popinsky

Additional idea:
http://project.honeynet.org/tools/cdrom/
July 24th, 2004, 11:54 PM
Faqt

that one looks great.....at least there's plenty of documentation to start reading.
Thanks Soda_Popinsky
July 25th, 2004, 06:03 AM
shell_coder

Honeyd is pretty good if your interested in using windows. The other thing I want to recommend just-in-case... if you dont have premission from your ISP be careful, you may be breaking some rules if you allow the attacker to get out using your honeypot (i.e. he is using your box as a hop to attack other machines). And, of course make sure that the rest of your network is behind a firewall... keep the honeypot in a demilitarized zone, there is always a chance that implementing a honeypot could give an attacker easier acess to the rest of your network. Also another thing that I found gets me more hits on my honeypot is I have two old laptops on my network to generate traffic to it.

-Shell_Coder
July 25th, 2004, 08:02 AM
Highlander

Looks good, Thanks for the URL
July 29th, 2004, 12:13 PM
Faqt

I've begun reading documentation on honeypots, including:

http://www.tracking-hackers.com/papers/honeypots.html
http://project.honeynet.org/papers/gen2/index.html
http://project.honeynet.org/papers/vmware/
http://project.honeynet.org/papers/virtual/

My question is, what will happen if/when several major honeynets connect together using Virtual Private Networking (VPN)...creating a honeyweb of sorts?

Could active directory then be used to allow all honeynet admins access to the info gathered by all the individual honeynets in this honeyweb?

Sorry if these seem kinda silly....I just finished some reading and these are the thoughts rolling around my head.
July 29th, 2004, 06:50 PM
al1aprize

Well...actually...wouldnt it just block the connection or somethin? Im a home user so i dont need/use VPN
July 29th, 2004, 07:55 PM
jm459

I Know this should be in books review , but feel it relevant to this thread. I would recommend this book to anyone interested in, and who would like to know more about honeypots
Honeypots:Tracking Hackers
By Lance Spitzner
Publisher : Addison Wesley
Pub Date : September 13, 2002
ISBN : 0-321-10895-7
Pages : 480
July 29th, 2004, 10:15 PM
Faqt

yeah....I'm about due for some new book purchases, and that is one that is on my list.