Honeypots mailing list archives
Building an Honeypot using VMWare
From: "Bruno MAC Castro" <bcastro () dei uc pt>
Date: Mon, 4 Nov 2002 15:58:46 -0000
Hi all,

I am building a Honeypot for my master's thesis. I have also been reading papers (or web content) regarding Honeypots, remote log correlation and intrusion detection tools. Everybody knows that there is no consensus on the process of building a Honeypot; even so, I gathered the maximum range of information regarding all possible concepts of a Honeypot and developed my own way of doing it.

My option (after many hours of reading) is to:

1. Install and close (firewall, Snort, anti-virus, etc.) a Windows 2k Professional operating system (as host)
2. Install VMWare Workstation on the host
3. Install a Windows 2k Professional without any update or protection device as a guest (and a possible Honeypot)
4. Install a Linux RedHat 8 as an intrusion testing system (more hacking tools for Linux)

The main platform (intrusion and honeypot) is almost completely set up. Now, I am reaching a stage in my research where I could use some good advice:

1. What log tools can I use for log correlation between the Host (monitor with Windows 2k Pro) and the Guest (honeypot with Windows 2k Pro)?
2. I also need a way to share the guest (hacked) machine logs with the host (monitor). Any ideas?
3. Is there any tool that can define the hacking process step-by-step by correlating the IDS logs with the OS logs?
4. It would be important to hide the VMWare process on the Guest. I need a tool (or a solution) to cover or hide the VMWare process in both systems. Ideas?
5. My host system is very well secured but I believe that nothing is 100% safe, so I also need ideas to copy or move all logs (guest and host) to another system (not sure about what kind of system it should be). Any ideas? Maybe serial port to another machine?

Thanks.

Regards
Bruno

______________________________________
Bruno Miguel Abrantes de Campos e Castro
Mail To: bcastro () portugalmail pt
         bcastro () dei uc pt
______________________________________