Honeypots mailing list archives
I need advice to install a virtual honeynet using UML
From: "Danilo Dias" <danilo.dias () bcb gov br>
Date: Fri, 8 Nov 2002 11:14:32 -0200
Hi, my name is Danilo. I'm planning to set up a low-cost virtual honeynet. For that, I will use only free software. And, since it should not be a powerful computer, I'll try to keep it as simple as possible. My idea, using User-mode Linux, is:

1) Install Red Hat 7 on the real machine and armor it, to be as protected as possible. It would be the firewall of my honeynet. I would use IPTables with its limit functionality enabled; it would deny ICMP and allow only packets with the source IP address of the honeynet to leave the net.

2) On the real system, I would install Snort too, for data capture. With the logs from IPTables, that would be two layers of data capture.

3) I would use UML to install one virtual Linux, unprotected, and that would be my honeypot. I intend to use syslog to log to a remote server (the real system), and to modify bash to capture keystrokes.

I have no previous experience with honeypots, so I would like some advice:

1) What computer will I need to do that (RAM, processor, HD)? Minimum and recommended requirements would be useful.

2) What are the flaws of the system I intend to set up? How could I improve it? Is there anything important I should know before I start implementing the system?

Thanks for any advice.

Danilo Dias
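The host firewall policy outlined in the message above (limit match on outbound traffic, ICMP denied, only honeynet source addresses allowed out, syslog accepted from the honeypot), written out as an added example that is not part of the original post. The subnet, the interface name, the rate values, the chain names and a routed (not bridged) UML tap interface are all assumptions, and the `! -s` form is the syntax of current iptables releases.

```shell
# honeynet_rules NET IFACE RATE BURST: print an iptables-restore ruleset.
# Assumed sample values: NET 192.168.0.0/24 (honeynet subnet), IFACE tap0
# (host side of the UML guest), RATE 15/hour, BURST 15.
honeynet_rules() {
    net=$1 iface=$2 rate=$3 burst=$4
    # Reject malformed input instead of emitting a ruleset that fails open.
    case $net in */*) ;; *) echo "bad subnet: $net" >&2; return 1 ;; esac
    case $rate in
        [0-9]*/second|[0-9]*/minute|[0-9]*/hour|[0-9]*/day) ;;
        *) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case $burst in ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:HP_OUT - [0:0]
:HP_ALLOW - [0:0]
# Host: loopback, replies to its own traffic, syslog from the honeypot.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -s $net -p udp --dport 514 -j ACCEPT
# ICMP is denied in both directions before any accept rule.
-A FORWARD -p icmp -j DROP
# Inbound to the honeypot: log every new connection, then allow.
-A FORWARD -o $iface -d $net -m state --state NEW -j LOG --log-prefix "HP-IN: "
-A FORWARD -o $iface -d $net -j ACCEPT
-A FORWARD -i $iface -j HP_OUT
# Egress filter: a source outside the honeynet is spoofed, so drop it.
-A HP_OUT ! -s $net -j LOG --log-prefix "HP-SPOOF: "
-A HP_OUT ! -s $net -j DROP
-A HP_OUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New outbound connections pass only while the limit bucket has tokens.
-A HP_OUT -m state --state NEW -m limit --limit $rate --limit-burst $burst -j HP_ALLOW
-A HP_OUT -j LOG --log-prefix "HP-BLOCKED: "
-A HP_OUT -j DROP
-A HP_ALLOW -j LOG --log-prefix "HP-OUT: "
-A HP_ALLOW -j ACCEPT
COMMIT
EOF
}
# Review the output before loading it on the host with iptables-restore.
```

The ruleset leaves no management access to the host open; any such rule has to be added to INPUT deliberately.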