Security Basics mailing list archives

Re: setting up an insecure box


From: Kaj Huisman <kaj.huisman () gmail com>
Date: Mon, 27 Jul 2009 20:17:38 +0200

Response inline

Rob Berk wrote:
Hi,

I am a software developer with a newfound interest in computer
security. Inspired by a chapter from "Stealing the Network", I would
like to set up an unpatched box to observe and try to learn from-
monitor the traffic, try to reverse engineer any malware it gets.. I
have a few questions-

What you are looking for is a honeypot (or net).
I suggest looking around on the honeynet.org site for some more background information before setting one up, especially about the legal consequences (you don't want your box to become the staging area for some other attack, for example).

 1) is this realistic?  will setting up an
unsecure older box on my home network actually attract any malicious
code or people?

It is certainly realistic. Some ISPs tend to filter/block certain traffic (for example the MS ports) so catching malware may depend. If you set up a honeypot you might want to consider a temp dynamic DNS name for it.

 2) what software configuration would work best for
this?  in the book, the (fictional) character sets up a box with
windows 2000 and IIS5, and catches the new worm within a few minutes,
but the book is a few years old.. would I want to use an unpatched
windows server 2003 with IIS6?

If you are new to the area I suggest (like above) to first read up on the honeynet.org site. There are different levels of honeypots/nets. Nepenthes <http://nepenthes.carnivore.it/> is a pretty easy to set up and maintain low-interaction honeypot. A good starting point. After you have gained some experience you might want to go with the high-interaction honeypots such as roo (available on the honeynet site).

Also, any other suggestions are very much welcome.  Thanks!

R


HTH,

K
