Honeypots mailing list archives
RE: deploying honeypots...
From: "Connell, Graeme S" <gconnell () middlebury edu>
Date: Fri, 19 Aug 2005 23:43:47 -0400
Rasyid,

The first question is a very good one, and, as with most good questions, there really isn't a good answer. If you're looking at how old exploits are used against unpatched systems, then by all means use older versions of operating systems and hardware. However, if you're looking at what attacks are used against fully-hardened systems, update all your patches and programs before deploying the honeynet. Generally, I like to use stuff that's a few months to a year old, with a few known exploits.

The problem is also to attract an attacker. Easy systems will be picked up by script-kiddy automated scans and will probably be attacked much more regularly than patched or hardened boxes. And unless you make the box very tempting (name it "bank_of_america.com", use tempting honeytokens, or something like that), most attackers will balk at attacking a secure box in favor of easier targets.

Regarding your second question, I'm not entirely sure how you're planning on using neural networks within your honeynet. Are you examining traffic and attempting to determine when an attack occurs? If so, a honeynet may not be the best place to train the network, since ALL traffic within a honeynet is attack traffic (no baseline). Could you be more specific as to exactly what part your neural network will play in the honeynet?

--Graeme Connell

-----Original Message-----
From: cyb3rh3b () kecoak or id [mailto:cyb3rh3b () kecoak or id]
Sent: Fri 8/19/2005 9:21 PM
To: honeypots () securityfocus com
Cc:
Subject: deploying honeypots...

Hi,

I've been reading about honeypot technology for a couple of months, but I have never deployed one. It's my final term at college now and I am planning to build a honeynet with an artificial neural network integrated into its system...

First of all... I am trying to build my own honeynet, but some problems have appeared with its topology. I am going to use 2 kinds of OS as targets behind a honeywall: Windows XP and Gentoo Linux. My questions are:

1. Should I use a fully defended system for both OSes (especially for Windows, should it be patched with new patches or just left as it is) or just leave them as default systems?

2. I am planning to use data from the Scan of the Month challenge as the base for the artificial neural network application and train it in the honeynet network. I haven't downloaded that data, so I don't know yet if the captured data was designed for a server-area honeynet or a personal-machine honeynet, so I still have no idea what kind of honeypot machine, especially for Windows, I should build here. Should I run a server or just a personal machine?! If it's a server... then what kind of service is commonly used in a honeynet?

I think just 2 questions for now :P. I don't speak English fluently, so I'm really sorry if my English here is bad...

Warm regards,
Rasyid

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
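
The "no baseline" point in the reply above, as an added example that is not part of the original thread: a single logistic neuron trained only on honeynet flows flags every benign flow, while the same neuron given a benign baseline does not. The feature values, the two-feature layout and all names are constructed for illustration.

```python
import math

# Constructed per-flow features, both scaled to [0, 1] (assumed for illustration):
# (fraction of connections refused, fraction of destination ports touched once).
HONEYNET_FLOWS = [(0.9, 0.8), (0.8, 0.9), (0.7, 0.95), (0.95, 0.7), (0.85, 0.85)]
PRODUCTION_FLOWS = [(0.1, 0.05), (0.2, 0.1), (0.05, 0.2), (0.15, 0.15), (0.1, 0.1)]
HELD_OUT_BENIGN = [(0.12, 0.08), (0.18, 0.12), (0.08, 0.15)]
HELD_OUT_ATTACK = [(0.88, 0.82), (0.75, 0.9)]


def predict_proba(model, x):
    """Probability that flow x is an attack under model (weights, bias)."""
    w, b = model
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, labels, epochs=2000, lr=0.5):
    """Fit a single logistic neuron with batch gradient descent."""
    w, b = [0.0, 0.0], 0.0
    n = len(samples)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(samples, labels):
            err = predict_proba((w, b), x) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def flagged_rate(model, flows):
    """Fraction of flows the model labels as attack (p >= 0.5)."""
    return sum(predict_proba(model, x) >= 0.5 for x in flows) / len(flows)


# Honeynet-only training set: every label is 1 (attack); there is no class 0.
honeynet_only = train(HONEYNET_FLOWS, [1] * len(HONEYNET_FLOWS))
# Same attack flows plus a benign baseline captured outside the honeynet.
with_baseline = train(HONEYNET_FLOWS + PRODUCTION_FLOWS,
                      [1] * len(HONEYNET_FLOWS) + [0] * len(PRODUCTION_FLOWS))

if __name__ == "__main__":
    for name, m in (("honeynet only", honeynet_only), ("with baseline", with_baseline)):
        print(name, "| benign flagged:", flagged_rate(m, HELD_OUT_BENIGN),
              "| attacks flagged:", flagged_rate(m, HELD_OUT_ATTACK))
```

Both models flag the held-out attack flows; only the false-positive rate on benign traffic shows that the honeynet-only model has learned nothing about what an attack looks like.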