Honeypots mailing list archives

Re: Complete Honeynet


From: <rewt () eghetto ca>
Date: Sat, 25 Jan 2003 16:07:23 -0400 (AST)

First off, you should check the www.honeynet.org page, if you haven't
already. You can set up honeypots with both of those OSes no problem. I
think Linux is generally easier to get into for a full-fledged one (with
kernel modules and the hey hey) as there are generally more Linux
hackers. Personally, I like OpenBSD though, as Theo is just -so- cuddly.

Other things to look into are snort, distributed syslog (including hiding
the 'real' syslog process on the honeypot itself, so evil crackers don't
make it disappear), tcpdump / ethereal and things like honeyd. Another
thing, but purely Linux-specific, is UML (User Mode Linux, check Google for
a URL). It basically allows you to set up a finite number of virtual Linux
machines, and supports things like sharing the virtual kernel's stack with
the real one, so while shellcode will run, it will only 'harm' the virtual
machine.

I hope that gives you some direction.

Peace

-mrOrange
