RE: Honeypot Newbie

["Alberto Gonzalez" <albertg () cerebro wwjh net>]

First thing, why are you running this Honeypot? Research or otherwise?

You might want to venture off to http://honeypots.sf.net he has a lot of
'monitoring' based stuff on his website. I can't really help much since
All of my honeypots are *nix based. I would suggest starting with a low
Interaction honeypot and start building your way up when the experience
comes. Then when you get more familiar with honeypots and their
surroundings start venturing off. :-)

Cheers!
   Alberto Gonzalez

Useful Links:
http://www.violating.us/projects/bigeye
http://www.tracking-hackers.com/solutions
http://honeypots.sf.net


---
"The secret to success is to start from scratch and keep on scratching. 
 

-----Original Message-----
From: Joseph R. Gruber [mailto:jgruber () tampabay rr com] 
Sent: Wednesday, January 29, 2003 4:06 PM
To: honeypots () securityfocus com
Subject: Honeypot Newbie

Hi!

I've heard about honeypots for a long while but being a broke college
student I don't have much money to have a whole honeynet setup.  After
reading the Vmware article though I've really become interested in
setting up my first honeypot.

I'm slightly familiar with Linux but I figured for my first honeypot I
would set it up using Windows XP with IIS 5 installed.  What I'm looking
for is advice & suggestions on how to monitor & set this up correctly.
What tools should I be looking at for monitoring the honeypot from the
host machine?  What about a firewall?  Through my readings it seems as
if I would want all inbound traffic but outbound traffic very limited.
I'm not familiar with any Windows firewall that would allow something
like that.

Any advice, suggestions or tips are greatly appreciated!

Thanks,
Joseph Gruber
jgruber () tampabay rr com