Honeypots mailing list archives
Data Capture and Data Control
From: yoshi03j () mac com
Date: Thu, 13 Mar 2003 07:02:30 +0900
Hello, I 'm interested in Honeypots, especially Virtual honeynets with VMware. I am trying making virtual honeynet. I refer Know Your Enemy: Learning with VMware and modify "rc.firewall" , now starting operation in a lab. Now I have some questions; first, the script rc.firewall makes interfaces br0 and eth0 no IP addresses and set 0.0.0.0, so our host os doesn't have any IP address, I cannot Data Capture for ONLY our honeypot. Also, I have another IDS machine in a lab network, I can notice some scans for our honeypot's IP address and other machine's honeypot. But TCPFLOW on our Honeypot's host os doesn't capture ONLY the IP address of the honeypot. Please some advises for me and tell me why I need make honeypot and bridge no IP address. I do want to get datas of HONEYPOT.
Regards, Yoshihiro Shibuya (SND13571 () nifty com) (griffinmh () yahoo co jp)
Current thread:
- Data Capture and Data Control yoshi03j (Mar 12)
- Re: Data Capture and Data Control Rob McMillen (Mar 12)
- Re: Data Capture and Data Control Yoshihiro Shibuya (Mar 13)
- <Possible follow-ups>
- RE: Data Capture and Data Control Gonzalez, Albert (Mar 13)
- Re: Data Capture and Data Control Rob McMillen (Mar 12)