Honeypots mailing list archives

Honeynet setup and design question


From: Tom McLaughlin <tmclaugh () sdf lonestar org>
Date: 17 Dec 2002 21:03:44 -0500

Hi all, I'm looking to set up another honeypot because of the experience
I had doing one as a project in school.  I am also looking to extend
this new project to help people beyond myself.  I want to set up a
honeynet for the purpose of research and track the Mandrake Cooker
development branch, the branch that ultimately becomes the next release,
for a few reasons.  

My goals are twofold here.  I want to collect data on what the average
Mandrake user sees simply by connecting to the internet.  The result
would be like a "State of The User" report to be presented in some way
to the Cooker developers detailing the issues that average users see and
face, and areas that may need further consideration and thought to
create a more secure future Mandrake release.  

The second is the almost elusive possibility of finding a hole in the
development branch that needs to be fixed before the next release is
rolled out.  I realize this might be a pipe dream but I think the added
work maintaining a current development snapshot does not outweigh
possible payoffs.

I have started talking with other people who are interested in
contributing to this project.  The issue I am facing is creating a good
design for the project's honeypots.  I am looking for ideas on how to
obtain the type of data necessary and helpful to contribute to the
development of a more secure Mandrake.  I am thinking of a Snort rule
set set to capture all incoming traffic, even beyond the attacks
predefined in the rule set, to the honeypot since in theory there should
be no incoming connections.  The end result would be a database to make
generalizations about what the Mandrake user community is going to see
on the internet.  I think this is a good setup, but I was wondering if
anybody had any different ideas on how to set things up in a better way
to gather the best data to help make Mandrake tighter.

Thanks,
Tom McLaughlin

(Of course if you would like to see the evolution of this project or
become a participant, please subscribe to the mailing list by emailing
cookerpot-subscribe () linsec ca)
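
An added example, not part of the original post or of the project it describes: one way to turn the "capture everything inbound, then generalize from a database" design above into per-port numbers. It assumes Snort's "fast" alert format and a hypothetical local catch-all rule with SID 1000001; the sample lines are constructed and use documentation address ranges.

```python
import re
import sqlite3

CATCH_ALL_SID = 1000001  # assumed SID of a local "log anything inbound" rule

# Constructed sample in Snort "fast" alert format (not real capture data).
SAMPLE = """\
12/17-21:03:44.120001  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 3] {TCP} 203.0.113.5:4312 -> 192.0.2.10:22
12/17-21:04:10.000210  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 3] {TCP} 198.51.100.7:1190 -> 192.0.2.10:22
12/17-21:04:10.000950  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 3] {TCP} 198.51.100.7:1191 -> 192.0.2.10:111
12/17-21:04:10.001300  [**] [1:2000002:1] CONSTRUCTED signature hit [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:1191 -> 192.0.2.10:111
12/17-21:09:02.440000  [**] [1:1000001:1] HONEYPOT inbound [**] [Priority: 3] {ICMP} 203.0.113.5 -> 192.0.2.10
this line is truncated garbage
"""

# timestamp, [gid:sid:rev], message, {PROTO}, src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")

def load_alerts(text):
    """Parse alert lines into an in-memory SQLite table; return (conn, skipped)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alert (ts TEXT, sid INTEGER, msg TEXT,"
                 " proto TEXT, src TEXT, dst TEXT, dport INTEGER)")
    skipped = 0
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m is None:
            if line.strip():          # malformed line: count it, do not guess
                skipped += 1
            continue
        dport = int(m["dport"]) if m["dport"] else None   # ICMP has no port
        conn.execute("INSERT INTO alert VALUES (?,?,?,?,?,?,?)",
                     (m["ts"], int(m["sid"]), m["msg"], m["proto"],
                      m["src"], m["dst"], dport))
    return conn, skipped

def summarize(conn):
    """Rows of (proto, dport, distinct sources, catch-all hits, signature hits)."""
    return conn.execute(
        "SELECT proto, dport, COUNT(DISTINCT src), SUM(sid = ?), SUM(sid != ?)"
        " FROM alert GROUP BY proto, dport"
        " ORDER BY COUNT(DISTINCT src) DESC, proto, dport",
        (CATCH_ALL_SID, CATCH_ALL_SID)).fetchall()

if __name__ == "__main__":
    conn, skipped = load_alerts(SAMPLE)
    for row in summarize(conn):
        print(row)
    print("skipped malformed lines:", skipped)
```

Rows with zero signature hits are traffic that only the catch-all rule recorded, which is the "beyond the predefined rule set" data the message is after.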

