Honeypots mailing list archives

Re: Complete Honeynet

From: Valdis.Kletnieks () vt edu
Date: Sun, 26 Jan 2003 01:54:17 -0500

On Sat, 25 Jan 2003 20:19:54 +0100, zeal0t () gmx net  said:

My company wanna try some Honeynet solutions and I'm learning by this
company (apprentiship).
I told them I wanna try to make this project and now I have a question.

For what I must look when I wanna realise a Honeynet.


Step 1: Decide why you want a honeypot rather than an intrusion detection
system (IDS).  What do you want the honeypot to do for you that an IDS won't?

The answer to this question will greatly determine what your setup will
look like.  For instance, if you're trying to learn about Windows hackers,
a RedHat-based honeypot probably won't do it for you, unless you go to GREAT
lengths to fool the attackers.  Similarly, what hardening you do will
depend on what you're trying to catch, and why....
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

Honeypot article Lance Spitzner (Jan 15)
- Re: Honeypot article Ing. Bernardo Lopez (Jan 15)
- Re: Honeypot article R. Anthony Kolstee (Jan 24)
  - Re: Honeypot article Jon (Jan 25)
  - Complete Honeynet zeal0t (Jan 25)
    - Re: Complete Honeynet rewt (Jan 25)
    - Re: Complete Honeynet Valdis . Kletnieks (Jan 26)
- <Possible follow-ups>
- RE: Honeypot article Keith Bruss (Jan 15)
  - RE: Honeypot article Spikeman (Jan 15)
    - RE: Honeypot article Grégoire Welraeds (Jan 15)
    - RE: Honeypot article Tom McLaughlin (Jan 16)
- Re: Honeypot Article Roland Venter (Jan 15)
- RE: Honeypot article Bosschert, B. (is-ks) (Jan 16)
  - RE: Honeypot article Valter Santos (Jan 16)