-
February 18th, 2004, 04:25 PM
#1
Junior Member
Building a simple honeypot in Windows
I'm doing a project basically on implementing a Honeypot in Window-based.
http://www.giac.org/practical/GSEC/F...khman_GSEC.pdf
(I'm trying to follow the whole thing here)
I can't install Snort 2.1 (which i've downloaded from the net) into my Win2K OS.
Could be the windows that can't read the files. Or do I really need a Linux??? But i want
to do it all in Window-based.
I need help here. Can someone please advise? Please guide me.
I just need to build a honeypot and then i'll have do analysis based on ACID.
(means i'll need real time hacking and then i'll do the analysis)
I'm a newbie in this honeypot field although i know what honeypot is.(I read so much about it)
Besides i need to demo this project in my college lab.
Please....it really really URGENT...
Cheers mate!
-
February 18th, 2004, 04:35 PM
#2
Where did you download snort from? There is a chance you brought down the linux version. Anyhow, check out this link, it has a good writeup on installing snort on a Win OS.
Cheers:
-
February 23rd, 2004, 09:08 AM
#3
Junior Member
previously i've download the Snort for Linux..oopss..
Well, now i've download the Snort for Windows and
followed exactly everything that was written on the site that you've gave me.
But another major problem is that how can i link my Honeypot to this Snort?
Means how can i read all the incoming traffic to my Honeypot??
Cheers!
Kev
-
February 23rd, 2004, 01:43 PM
#4
Originally posted here by kevinde
But another major problem is that how can i link my Honeypot to this Snort?
Means how can i read all the incoming traffic to my Honeypot??
Snort will put the network interface into promiscueus mode and is able to see *all* traffic on that network segment (unless you're on a switch).
Oliver's Law:
Experience is something you don't get until just after you need it.
-
February 24th, 2004, 04:48 AM
#5
Junior Member
I'm currently under my college network.
I'm connected to a switch in my hostel.
So do i have to contact my network administrator to give me a private IP?
And do i need any software to control/monitor my Honeypot?
Pls advise..
Cheers
-d[Kev]-
God Bless
-
February 24th, 2004, 07:01 AM
#6
You might also want to check out kf sensor
http://www.keyfocus.net/kfsensor/
Its not software piracy. I’m just making multiple off site backups.
-
February 24th, 2004, 06:18 PM
#7
Junior Member
Thanks cwk9.
Kf sensor is cool but my PC gets problem with it after reboot.
Anyway, do u have any solutions for the problem that i've posted?
Pls advice.
Thanks and God Bless,
-dKev-
-
February 24th, 2004, 06:35 PM
#8
You could put a hub in your dorm room. Then put both the honeypot and the IDS (snort boxen) on the hub, and then snort could sniff all traffic to the honeypot.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
February 24th, 2004, 06:43 PM
#9
Junior Member
Thanks souleman.
Any idea how can i get people to hack my honeypot?
Esp. when i'm under my college network which means they have to hack them first
to reach to my honeypot... ???
Pls advice..
Thanks and God Bless,
-dKEV-
-
February 24th, 2004, 07:29 PM
#10
Can you work with your college to get your honeypot located in their DMZ (if they have one). That way it would be visible on the internet.
Cheers:
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|