Honeypots mailing list archives

Re: Undergraduate student Research topic about the Honeypots or Honeynet


From: VHP3 <vhp3 () cox net>
Date: Thu, 18 Nov 2004 19:00:15 -0600

Alan,

I was in your same position about two years ago or so now, doing much the same project. I did an independent study using Lance Spitzner's "Honeypots: Tracking Hackers" book, which I must highly recommend you read, as a text of sorts. There are also numerous honeypot articles out on Security Focus (www.securityfocus.com) that have slightly more current information, not to mention different information. As for your data collection needs, I must highly recommend the following combination of tools:

   *     Honeyd
   *     Snort
   *     MySQL
   *     Apache
   *     ACID (Analysis Console for Intrusion Databases - I believe)

It's probably best to have honeyd and snort on one *nix box, with mysql, apache, and acid running on another if possible. ACID can be a bit tricky to configure, but once you get it up, it'll give a nice little GUI-esque interface to view your data on.

Hope that helps,

VHP3



Alan Chung wrote:

Hi all,

I am a final-year bachelor's degree student. I am interested in network security, and my final-year project will be about Honeypots or Honeynet.
My final-year project topic is "Profiling Security Threats with Honeypots".

The project plan is to deploy a centralized database to collect the data and to design a user interface, then to use the user interface to summarize, profile and report the threats.

But I have some confusion about my topic, because it may cut across two topics in the Honeynet Project's list of recommended project topics: "Profiling" and "Honeynet Phase IV".
This is my first time doing research, so I am worried about whether my topic can work with these two topics. And I don't know whether my topic can work or not.


I am very interested in working with you and learning more about this area.



Thanks !

Alan. ~^_^~




