Honeypots mailing list archives
Re: Capturing Windows RPC worms with honeyd or similar?
From: Kostas K <acezerocool () yahoo com>
Date: 28 Sep 2003 22:18:55 -0000
In-Reply-To: <646933429.20030928120102 () iki fi>

If you like, you could avoid dealing with honeyd and simulation stuff. Therefore you could build a Windows machine, either Win2000 or WinXP, unpatched of course, and use Snort to capture the worm. Even if you do not use Snort you will capture it, or if you like, it will capture you. Snort will help you afterwards in the analysis process.

However, this depends on the network you operate. If the rest of the machines are Linux, IRIX etc. then you won't face any particular problems. In case you've got WinXP or Win2000, patch them and secure them at ports tcp/135, udp/135, udp/69, tcp/4444 mostly, and leave the victim unprotected.

Cheers
Kostas
Hi all!

I'd like to set up a honeypot to capture Windows RPC worms and other Windows-specific stuff. Is there any way to simulate a vulnerable Windows host using honeyd or some similar software? I mean actually simulating the buffer overflow. Or do I have to set up a real Windows box? Any ready-made configuration files for honeyd?

Thanks!

- Jyri
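For the analysis step mentioned in the reply above, here is an added example (not part of the original posts) that groups Snort fast-format alert lines by remote host and records which of the four ports named in the reply each host exchanged with the victim, and in which direction. The `triage` function, the documentation-range addresses, the rule ids and the alert messages are all constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in the reply: firewalled on production Windows hosts,
# left reachable on the unpatched victim.
WATCHED = {("TCP", 135), ("UDP", 135), ("UDP", 69), ("TCP", 4444)}

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
FAST = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def triage(lines, victim):
    """Map each remote host to the watched (proto, dport, direction) tuples seen with the victim."""
    seen = defaultdict(set)
    for line in lines:
        m = FAST.match(line)
        if not m:
            continue  # not a fast alert with ports (e.g. ICMP); ignore
        key = (m["proto"].upper(), int(m["dport"]))
        if key not in WATCHED:
            continue
        if m["dst"] == victim:
            seen[m["src"]].add(key + ("in",))    # remote host reached the victim
        elif m["src"] == victim:
            seen[m["dst"]].add(key + ("out",))   # victim itself originated the traffic
    return {host: sorted(hits) for host, hits in seen.items()}

# Constructed sample alerts (RFC 5737 addresses, made-up sids); victim is 192.0.2.10.
SAMPLE = [
    "09/28-22:18:55.000001  [**] [1:1000001:1] constructed tcp/135 [**] [Priority: 0] {TCP} 198.51.100.7:3021 -> 192.0.2.10:135",
    "09/28-22:18:56.000001  [**] [1:1000002:1] constructed tcp/4444 [**] [Priority: 0] {TCP} 198.51.100.7:3022 -> 192.0.2.10:4444",
    "09/28-22:18:57.000001  [**] [1:1000003:1] constructed udp/69 [**] [Priority: 0] {UDP} 192.0.2.10:1045 -> 198.51.100.7:69",
    "09/28-22:19:30.000001  [**] [1:1000004:1] constructed tcp/80 [**] [Priority: 0] {TCP} 203.0.113.5:4000 -> 192.0.2.10:80",
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE, "192.0.2.10").items():
        print(host, hits)
```

An "out" entry means the victim originated traffic on a watched port, which is the point at which the surrounding network needs the filtering the reply describes.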