Honeypots mailing list archives
RE: Honeypot Newbie
From: "Alberto Gonzalez" <albertg () cerebro wwjh net>
Date: Wed, 29 Jan 2003 20:27:49 -0800
First thing, why are you running this Honeypot? Research or otherwise? You might want to venture off to http://honeypots.sf.net he has a lot of 'monitoring' based stuff on his website. I can't really help much since All of my honeypots are *nix based. I would suggest starting with a low Interaction honeypot and start building your way up when the experience comes. Then when you get more familiar with honeypots and their surroundings start venturing off. :-) Cheers! Alberto Gonzalez Useful Links: http://www.violating.us/projects/bigeye http://www.tracking-hackers.com/solutions http://honeypots.sf.net --- "The secret to success is to start from scratch and keep on scratching. -----Original Message----- From: Joseph R. Gruber [mailto:jgruber () tampabay rr com] Sent: Wednesday, January 29, 2003 4:06 PM To: honeypots () securityfocus com Subject: Honeypot Newbie Hi! I've heard about honeypots for a long while but being a broke college student I don't have much money to have a whole honeynet setup. After reading the Vmware article though I've really become interested in setting up my first honeypot. I'm slightly familiar with Linux but I figured for my first honeypot I would set it up using Windows XP with IIS 5 installed. What I'm looking for is advice & suggestions on how to monitor & set this up correctly. What tools should I be looking at for monitoring the honeypot from the host machine? What about a firewall? Through my readings it seems as if I would want all inbound traffic but outbound traffic very limited. I'm not familiar with any Windows firewall that would allow something like that. Any advice, suggestions or tips are greatly appreciated! Thanks, Joseph Gruber jgruber () tampabay rr com
Current thread:
- Honeypot Newbie Joseph R. Gruber (Jan 29)
- RE: Honeypot Newbie Alberto Gonzalez (Jan 29)
- Re: Honeypot Newbie Trevor Telford (Jan 30)