Full Disclosure mailing list archives
Re: honeypots
From: Vipul Agarwal <vipul () nuttygeeks com>
Date: Mon, 30 Jan 2012 15:23:57 +0000
Hi there, You may first need identify the purpose of using it. - If you want to collect malwares exploiting Windows vulnerabilities, you've Nepenthes which is a low-interaction honeypot. It can be easily installed in Debian from the official repo. - If you're looking something to detect intrusion in a production environment, you've Honeyd (even this is available as a Debian package) - For something more specific, like capturing live ssh sessions, you may use Kippo. It stores the logs in UML format that can be played back on a later stage using tools like Ajaxterm. You even get a separate copy of the tools and bots they download using wget. - Glastopf is another good high interaction honeypot with a nice vulnerability emulator. Although, you need patience and some SEO to get best results out of it. I hope this helps. Regards, Vipul On Fri, Jan 27, 2012 at 6:56 PM, <lallantada () tvazteca com mx> wrote:
i am looking for a good honeypot thanks _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Thanks and Regards, Vipul Agarwal
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DNS bind attacks J. von Balzac (Jan 26)
- Re: DNS bind attacks Gage Bystrom (Jan 26)
- Re: DNS bind attacks Roberto Navarro - TusProfesionales.es (Jan 26)
- Re: DNS bind attacks Jeffrey Walton (Jan 26)
- Re: DNS bind attacks Chris Granger (Jan 26)
- honeypots lallantada (Jan 30)
- Re: honeypots Vipul Agarwal (Jan 30)
- Re: DNS bind attacks Gage Bystrom (Jan 26)