RE: Honeypot Server

["Timmothy Lester" <Timmothy.Lester () primeadvisors com>]

Yes,
There are tools such as "Send-Safe Honeypot Hunter".  Nessus can also be
used to detect if the services running are valid.  It can also be
suspicious, if you configure a fake a Trojan that was released in 1995.
Or any other anomalies that are detected when someone in penetrating
your network.  I would implement a honeypot because it's fun, but not to
secure against a knowledgeable hacker. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of m.farid.shawara () gmail com
Sent: Friday, January 18, 2008 4:37 AM
To: security-basics () securityfocus com
Subject: RE: Honeypot Server

Thanks for all of you ...

When I said Alerting I meant that I should be able to sense the attack
when
it happens.

Another question :
If I am an attacker - is there anyway to fingerprint it and know that
it's
not a server and it's a just a honeypot ...

My problem is that depending on the already known versions of the
honeypots
and honeynets software - the attackers will always be able to identify
them
and thus avoid doing any activities on them ...

Thanks ,,,
-----Original Message-----
From: pinowudi [mailto:pinowudi () gmail com] 
Sent: Friday, January 18, 2008 4:44 AM
To: m.farid.shawara () gmail com
Subject: Re: Honeypot Server

honeypots are not for alerting.  they are for researching the unknown.
Look to snort or a nids for your requirements.

m.farid.shawara () gmail com wrote:
> Dear All :
>
> Can you advise what is the best honeypot server available
> Open-source or commercial - it doesn't matter as long as it will be
easy
to
> administrate and easy to monitor and alerted ...
>
> Mohamed Farid ...