PaulDotCom mailing list archives
Deploying Honeypots for Home Network Monitoring
From: brianwgray at gmail.com (Brian Gray)
Date: Wed, 24 Dec 2008 09:54:39 -0500
Instead of posting up a real Windows box, use something like Fake NetBIOS with honeyd instead.

http://www.darknet.org.uk/2007/06/fake-netbios-tool-simulate-windows-hosts/
http://www.honeyd.org/

Might be easier if you used something like a Cisco ASA and just dump the invalid traffic to a DMZ. If cost is an issue, perhaps something free like Cobia that supports multiple DMZ interfaces for free.

http://www.cisco.com/en/US/products/ps6120/
http://www.stillsecure.com/cobia/

On Tue, Dec 23, 2008 at 2:52 PM, <infolookup at gmail.com> wrote:

Thanks everyone for the great input, keep them coming.

This is the setup I am thinking about: Currently I have a FW. I will connect a second FW (Smoothwall or Astaro) from the DMZ interface of the first FW, then connect a Cisco 2900 switch to an interface on the second FW, then connect the Honeypot to that switch.

It would be nice to hear how others are setting up their labs.

------Original Message------
From: Aa'ed Alqarta
To: infolookup at gmail.com
To: PaulDotCom Security Weekly Mailing List
Sent: Dec 23, 2008 12:51 PM
Subject: Re: [Pauldotcom] Deploying Honeypots for Home Network Monitoring

I used to NAT all nasty traffic coming to my FW to a box running Nepenthes and monitor it. Running un-patched Windows is much better because you get the real stuff. Make sure to secure them by a FW or get a separate DSL line.

On Tue, Dec 23, 2008 at 4:47 PM, <infolookup at gmail.com> wrote:

Hello All:

I have been doing some brief research on Honeypots and Botnets after looking at my Firewall logs and noticing a few specific IP addresses that try to attack my network around the clock. This has caused me to look into a test environment where I could better monitor these activities.

Any and all suggestions are welcomed.

Sent from my Verizon Wireless BlackBerry
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Do It Securely or Not At All
http://extremesecurity.blogspot.com

Sent from my Verizon Wireless BlackBerry

--
-Brian W. Gray