Honeypots mailing list archives
Re: virtual honeynet
From: "SecurIT Informatique Inc." <securit () iquebec com>
Date: Mon, 16 Feb 2004 14:08:47 -0500
Hello. If your virtual honeynet emulates Windows NT-based OSes, you might want to take a look at ComLog for capturing command prompt sessions, in case the black hat's connection is encrypted. You can find it at http://securit.iquebec.com/. I have other tools available on this site; they are designed for log management and analysis and intrusion detection. They might or might not be useful to you in a honeypot/net environment, but feel free to browse.
Other than that, I'd say that Snort and/or tcpdump is a must. Other people on this list may give you more tools for virtual honeynets, as I have not played with them much yet.
Have fun.
Adam Richard
SécurIT Informatique Inc.
At 10:16 PM 11/02/2004, wira zanoramy wrote:
what are the best tools for data control and data capture in a virtual honeynet?
Current thread:
- virtual honeynet wira zanoramy (Feb 13)
- Re: virtual honeynet SecurIT Informatique Inc. (Feb 16)