Honeypots mailing list archives

Re: virtual honeynet


From: "SecurIT Informatique Inc." <securit () iquebec com>
Date: Mon, 16 Feb 2004 14:08:47 -0500

Hello.

If your virtual honeynet emulates Windows NT-based OSes, you might want to take a look at ComLog for capturing command prompt sessions, in case the black hat's connection is encrypted. You can find it at http://securit.iquebec.com/. I have other tools available on this site; they are designed for log management and analysis and intrusion detection. They might or might not be useful to you in a honeypot/net environment, but feel free to browse.

Other than that, I'd say that Snort and/or tcpdump is a must. Other people on this list may give you more tools for virtual honeynets, as I have not played with them much yet.

Have fun.

Adam Richard
SécurIT Informatique Inc.

At 10:16 PM 11/02/2004, wira zanoramy wrote:

What are the best tools for data control and data capture in a virtual honeynet?
