Security Basics mailing list archives
Re: setting up an insecure box
From: Kaj Huisman <kaj.huisman () gmail com>
Date: Mon, 27 Jul 2009 20:17:38 +0200
Response inline

Rob Berk wrote:
> Hi, I am a software developer with a newfound interest in computer security. Inspired by a chapter from "Stealing the Network", I would like to set up an unpatched box to observe and try to learn from- monitor the traffic, try to reverse engineer any malware it gets.. I have a few questions-

What you are looking for is a honeypot (or net). I suggest looking around on the honeynet.org site for some more background information before setting one up, especially about the legal consequences (you don't want your box to become the staging area for some other attack, for example).

> 1) is this realistic? will setting up an unsecure older box on my home network actually attract any malicious code or people?

It is certainly realistic. Some ISPs tend to filter/block certain traffic (for example the MS ports) so catching malware may depend. If you set up a honeypot you might want to consider a temp dynamic DNS name for it.

> 2) what software configuration would work best for this? in the book, the (fictional) character sets up a box with windows 2000 and IIS5, and catches the new worm within a few minutes, but the book is a few years old.. would I want to use an unpatched windows server 2003 with IIS6?

If you are new to the area I suggest (like above) to first read up on the honeynet.org site. There are different levels of honeypots/nets. Nepenthes <http://nepenthes.carnivore.it/> is a pretty easy to set up and maintain low-interaction honeypot. A good starting point. After you have gained some experience you might want to go with the high-interaction honeypots such as roo (available on the honeynet site).

> Also, any other suggestions are very much welcome. Thanks!
> R

HTH,
K