Honeypots mailing list archives

Gen I or Gen II


From: Richard Stevens <mail () richardstevens de>
Date: Sat, 8 Feb 2003 16:09:19 +0100

Hi,

I'm planning to set up a honeynet to gather information for my thesis. I read
most of the documentation provided on honeynet.org and also the books "Know
your Enemy" and "Honeypots - Tracking Hackers". From what I learned, Gen I is
considered the older but reliable way to do things compared to Gen II being
the more advanced and supposedly easier way to achieve data control.

In the answer to a rejected mail, Lance Spitzner "HIGHLY recommends" looking
into Gen II Honeynets. Gen II definitely sounds a lot better in various terms,
but the low version numbers on some of the tools make me question whether
those utilities are ready for prime time yet. I'm no complete newbie with
Linux firewalls and, for example, snort, and I'm confident I'd be able to set up
a honeynet, but having to work around serious problems with the used tools
might still break my neck.

I'm wondering, are Gen II Honeynets in production right now? What are your
experiences? Do they work well? What would you suggest to someone building
his first honeynet: Gen I or Gen II or a mixture? Anything you encountered
that I should definitely read, check out, keep in mind?

One other thing: I tried to find a way to search and read the older posts on
this list, since I only recently subscribed. The securityfocus web interface
is close to unusable. It's extremely slow to access from Germany and, due to
missing threads, not that easy to use. I tried to search on the net for an
alternative but wasn't successful up to now.

Thanks a lot,

Richard

