Honeypots mailing list archives

RE: tiny honeypot configuration


From: "Gorgon Beast" <gorgon () digitalpath net>
Date: Mon, 23 Jun 2003 18:19:35 -0700

I used George's THP for a while.  While it is nice, the only port I could
get to work correctly was 21 and it would respond with a fake FTP prompt.
This was nice, and captured the obvious scripts trying to break in.

I found it far easier to download honeyd and set it up.  It comes in a tool
kit, precompiled with arpd.  All I had to do was to specify my class C in
start-arpd.sh and the range I wanted it to look at in start-honeyd.sh.  Then
start them.  That easy.  Arpd takes a few minutes to look at the class C and
see which addresses are real and which are non-existent.  You can specify
the log file and set up a cron to email you at intervals, or set up Swatch to
email on occurrence.

I even found it easier to modify the scripts and have them listen
differently.

Using Honeyd in conjunction with Shadowias (another George Bakos program) I
get very good data on attackers.

  -----Original Message-----
  From: Daniel Almendra [mailto:danielalmendra () terra com br]
  Sent: Monday, June 23, 2003 6:54 AM
  To: honeypots () securityfocus com
  Subject: tiny honeypot configuration


  Hi!
  I am trying to configure Tiny Honeypot in my house, but I just can't
figure out what I'm doing wrong. It just doesn't seem to work!
  Can someone tell me a way to configure the iptables.rules file and
thp.conf file?
  How can I test if the honeypot is working fine?
  Can someone tell me one exploit that can be fooled by thp?

  Thanks a lot for your attention. I'd appreciate it if someone gives me an
answer...

  Daniel Almendra
