Honeypots mailing list archives
Honeynet setup and design question
From: Tom McLaughlin <tmclaugh () sdf lonestar org>
Date: 17 Dec 2002 21:03:44 -0500
Hi all,

I'm looking to set up another honeypot because of the experience I had doing one as a project in school. I am also looking to extend this new project to help people beyond myself. I want to set up a honeynet for the purpose of research and track the Mandrake Cooker development branch, the branch that ultimately becomes the next release, for a few reasons. My goals are twofold here.

I want to collect data on what the average Mandrake user sees simply by connecting to the internet. The result would be like a "State of The User" report to be presented in some way to the Cooker developers detailing the issues that average users see and face, and areas that may need further consideration and thought to create a more secure future Mandrake release.

The second is the almost elusive possibility of finding a hole in the development branch that needs to be fixed before the next release is rolled out. I realize this might be a pipe dream but I think the added work maintaining a current development snapshot does not outweigh possible payoffs.

I have started talking with other people who are interested in contributing to this project. The issue I am facing is creating a good design for the project's honeypots. I am looking for ideas on how to obtain the type of data necessary and helpful to contribute to the development of a more secure Mandrake. I am thinking of a Snort rule set set to capture all incoming traffic, even beyond the attacks predefined in the rule set, to the honeypot since in theory there should be no incoming connections. The end result would be a database to make generalizations about what the Mandrake user community is going to see on the internet. I think this is a good setup, but I was wondering if anybody had any different ideas on how to set things up in a better way to gather the best data to help make Mandrake tighter.

Thanks,
Tom McLaughlin

(Of course if you would like to see the evolution of this project or become a participant, please subscribe to the mailing list by emailing cookerpot-subscribe () linsec ca)
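
One way to turn the catch-all alerts described in the message above into per-service counts for a report, as an added example that is not part of the original post. It assumes Snort's "fast" alert output format; the rule messages, SIDs and all addresses are constructed, with 192.0.2.10 standing in for the honeypot.

```python
import re
from collections import Counter

# Constructed sample lines in Snort "fast" alert format (not real captures).
SAMPLE_ALERTS = """\
12/17-21:03:44.120001  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 0] {TCP} 198.51.100.7:4312 -> 192.0.2.10:22
12/17-21:03:45.220114  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 0] {TCP} 198.51.100.7:4313 -> 192.0.2.10:111
12/17-21:07:02.000310  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 0] {UDP} 203.0.113.40:1029 -> 192.0.2.10:137
12/17-21:09:11.501200  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 0] {ICMP} 203.0.113.41 -> 192.0.2.10
12/17-22:15:30.910002  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 0] {TCP} 203.0.113.99:3301 -> 192.0.2.10:22
12/17-22:15:31.000000  [**] [1:1000002:1] other rule [**] [Priority: 0] {TCP} 192.0.2.10:22 -> 203.0.113.99:3301
garbled line that should be skipped
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[[^\]]*\]\s+)*"                      # [Classification: ..] [Priority: n]
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"  # ICMP lines carry no ports
)

def parse_alert(line):
    """Return a dict for one fast-alert line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["dport"] = int(alert["dport"]) if alert["dport"] else None
    return alert

def summarize(text, honeypot_ip):
    """Count inbound alerts per (protocol, destination port) and collect sources."""
    services, sources, skipped = Counter(), set(), 0
    for line in filter(str.strip, text.splitlines()):
        alert = parse_alert(line)
        if alert is None:
            skipped += 1          # keep a tally so parse failures are visible
        elif alert["dst"] == honeypot_ip:
            services[(alert["proto"], alert["dport"])] += 1
            sources.add(alert["src"])
    return services, sources, skipped

if __name__ == "__main__":
    services, sources, skipped = summarize(SAMPLE_ALERTS, "192.0.2.10")
    for (proto, port), n in services.most_common():
        print(f"{proto:5} {port if port is not None else '-':>5} {n}")
    print(f"{len(sources)} distinct sources, {skipped} unparsed lines")
```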