Re: Gen I or Gen II

[george chamales <george () overt org>]

What is the topic of your thesis and what sort of information are you 
looking to gather?  More specific information would help everyone 
better answer your question.

On a side note, if you will be setting up your honeynet inside of your 
university's network be sure that you have permission from the people 
in charge of the network.  Most university admins have enough to worry 
about as it is.

george

On Saturday, February 8, 2003, at 09:09  AM, Richard Stevens wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm planing to set up a honeynet to gather information for my thesis. 
> I read
> most of the documentation provided on honeynet.org and also the books 
> "Know
> your Enemy" and "Honeypots - Tracking Hackers". From what I learned 
> Gen I ist
> considered the older but reliable way to do things compared to Gen II 
> being
> the more advanced and supposedly easier way to achieve data control.
>
> In the answer to a rejected mail, Lance Spitzner "HIGHLY recommends" 
> looking
> into Gen II Honeynets. Gen II definately sounds a lot better in 
> various terms
> but the low version numbers on some of the tools make me question 
> wether
> those utilities are ready for prime time yet. I'm no complete newby 
> with
> Linux firewalls and for example snort and I'm confident I'd be able to 
> set up
> a honeynet but having to work around serious problems with the used 
> tools
> might still break my neck.
>
> I'm wondering, are Gen II Honeynets in production right now? What are 
> your
> experiences. Do they work well? What would you suggest to someone 
> building
> his first honeynet, Gen I or Gen II or a mixture? Anything you 
> encountered
> that I should definately read, check out, keep in mind?
>
> One other thing, I tried to find a way to search and read the older 
> posts on
> this list, since I only recently subscribed. The securityfocus 
> webinterface
> is close to unusable. It's extremely slow to access from germany and 
> due to
> missing threads not that easy to use. I tried to search on the net for 
> an
> alternative but wasn't sucessful up to now.
>
> Thanks a lot,
>
> Richard
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+RR2hWQvEMJfcXlQRAtpmAJ966J5vz1dxSMwAQcZgvf+J47kWQgCgnWFG
> w3zo55y1/A12UcNrKuIa5Iw=
> =H9Y0
> -----END PGP SIGNATURE-----