Security Basics mailing list archives
RE: Honeypot Server
From: Albert Gonzalez <albertg () cerveau us>
Date: Thu, 17 Jan 2008 18:02:38 -0600
The bait n switch preproc with snort allows you to redirect traffic that triggered an alert to a honeypot/net, which combines research and some security features into a honeypot deployment. So they definitely can provide some security. Keep in mind that any traffic hitting your honeynet is malicious, which can act as a warning system. You can even deploy in a round-robin fashion, so if the alert is for a Windows vuln, send to a win32 HP, and if it is a Linux alert, send to a *nix HP, and so forth.

I wrote a paper with Jason Larsen discussing these ideas; it's called "Fun Things to do with your honeypot".

Hope that helps.

-Albert G.

-----Original Message-----
From: krymson () gmail com
Sent: Thursday, January 17, 2008 3:38 PM
To: security-basics () securityfocus com
Subject: Re: Honeypot Server

"Easy to admin, monitor, alert..."

I apologize, but I would first question what your intended purpose for the honeypot would be. I get the feeling you want something more like a network tripwire that you don't have to look at. I would steer you towards an IDS solution like Snort or some other sort of deep inspection firewall or even just your firewall logs.

A honeypot, while fun and interesting, is still largely a measure for malware/hacker research as opposed to any real security measure. I know you didn't call it a security measure, but it sounds like you want a security measure...? A honeypot has very little value to most shops that are not providing actual research.

<- snip ->

Can you advise what is the best honeypot server available? Open-source or commercial - it doesn't matter as long as it will be easy to administrate and easy to monitor and alerted ...