Honeypots mailing list archives
Re: Introducing the Tactical Honeynet Deployment Project
From: Thomas Jones <thomas.jones () linux-howtos com>
Date: Tue, 2 Sep 2003 12:04:52 -0500
On Tuesday 02 September 2003 11:14, Tom Britten wrote:
<snip>
Yes, such training and learning is possible. My company has been working on a product for security that does learning/training and protection of systems. Take a check at www.cylant.com; read the white papers to get an understanding. I was talking to my boss about using our systems in honeynets/honeypots. This will allow learning and control. Some really great advantages there.
<snip>
This is a wonderful idea for a number of things, not just control of your honeypot. One of the pieces that Gangadhar mentioned was about activity. How about using your other honeypots to help create traffic and activity? You have the ability in either UML or VMware to run multiple machines on one physical box. Don't forget to not only create servers as honeypots, but simply clients as well. For sometimes they are the only uncontrolled factor that can be used by a blackhat to wedge themselves in. Let's say you have a decent box sitting there: run a number of client honeypots and use those to create traffic and activity on your other honeypots. This also makes the server look all that more real. Have the design make sense, i.e. don't have clients in your DMZ if that is where your honeypot is located, for that will flag it as odd and it will be ignored. I think you know what I mean. ^_^

Tom Britten
Sr. Systems Engineer
'vserver' can also make a valid contribution to the virtual honeynet argument. http://www.solucorp.qc.ca/miscprj/s_context.hc

I have been developing a small virtual honeynet of 7 servers and 24 clients on one "host" system. It has been two (2) months since I started this project... and there is still much more to go.

Virtual systems do have 'cons' as well. If an attacker were to monitor process usage they would see that they do in fact have a ceiling. And the fact that a 'user' can only see the processes within that particular virtual server, yet the system performance can take a noticeable hit if a multitude of 'servers' and/or 'clients' are generating simultaneous traffic. Hopefully, this will be attributed to latency and the such...

The reality and validity of the systems are key. I've gone as far as spidering the internet for 5,000+ names and constructing fake credit card IDs for all to give the image of an e-commerce site database on one server. To include a transaction number. Gnumeric and the rand() function work great in my situation. ;)

--
Thomas Jones
Linux-Howtos Network Administrator
OpenGPG Key: 0x6A3DF6E9
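The decoy e-commerce table described in the message above, as an added example that is not part of the original post or the poster's own tooling: a seeded generator for names, card-format IDs and transaction numbers, plus a lookup that flags any decoy ID seen in captured honeynet traffic. The name lists, the `999999` prefix (assumed not to belong to any issuer) and all function names are constructed for illustration.

```python
import csv, io, random

# Constructed sample names; the post used names spidered from the internet.
FIRST = ["Alice", "Bram", "Chen", "Dana", "Elif", "Farid"]
LAST = ["Novak", "Okafor", "Perez", "Quinn", "Rossi", "Sato"]
DECOY_PREFIX = "999999"  # constructed; assumed unassigned to any issuer

def luhn_check_digit(partial: str) -> str:
    """Return the Luhn check digit for a digit string that lacks one."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]

def make_decoy_rows(count: int, seed: int):
    """Build unique decoy rows; the seed lets the same set be regenerated."""
    rng = random.Random(seed)
    rows, seen = [], set()
    while len(rows) < count:
        body = DECOY_PREFIX + "".join(rng.choice("0123456789") for _ in range(9))
        card = body + luhn_check_digit(body)
        if card in seen:
            continue
        seen.add(card)
        rows.append({"txn_id": f"TX{rng.randrange(10**9):09d}",
                     "name": f"{rng.choice(FIRST)} {rng.choice(LAST)}",
                     "card_id": card})
    return rows

def to_csv(rows) -> str:
    """Serialize rows for loading into the honeypot's fake database."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["txn_id", "name", "card_id"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def find_decoys(captured: str, rows):
    """Return decoy card IDs that appear in captured text (logs, sniffed traffic)."""
    return [r["card_id"] for r in rows if r["card_id"] in captured]

if __name__ == "__main__":
    print(to_csv(make_decoy_rows(5, seed=2003)))
```

Keeping the seed (or the generated list) off the honeypot lets the sensor side match any decoy ID that later shows up in outbound traffic.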