Security Basics mailing list archives

RE: Honeypot Server


From: "Timmothy Lester" <Timmothy.Lester () primeadvisors com>
Date: Thu, 17 Jan 2008 14:16:54 -0800

If this is true, and you're not in an enterprise environment, IPCOP is a
great distro...
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of krymson () gmail com
Sent: Thursday, January 17, 2008 4:38 PM
To: security-basics () securityfocus com
Subject: Re: Honeypot Server

"Easy to admin, monitor, alert..." I apologize, but I would first
question what your intended purpose for the honeypot would be. I get the
feeling you want something more like a network tripwire that you don't
have to look at. I would steer you towards an IDS solution like Snort or
some other sort of deep inspection firewall or even just your firewall
logs.

A honeypot, while fun and interesting, is still largely a measure for
malware/hacker research as opposed to any real security measure. I know
you didn't call it a security measure, but it sounds like you want a
security measure...? A honeypot has very little value to most shops that
are not providing actual research.


<- snip ->
Can you advise what is the best honeypot server available?
Open-source or commercial - it doesn't matter as long as it will be easy
to administrate and easy to monitor and alerted ...


