Honeypots mailing list archives
RE: tiny honeypot configuration
From: "Gorgon Beast" <gorgon () digitalpath net>
Date: Mon, 23 Jun 2003 18:19:35 -0700
I used George's THP for a while. While it is nice, the only port I could get to work correctly was 21 and it would respond with a fake ftp prompt. This was nice, and captured the obvious scripts trying to break in.

I found it far easier to download honeyd and set it up. It comes in a tool kit, precompiled with arpd. All I had to do was to specify my class C in start-arpd.sh and the range I wanted it to look at in start-honeyd.sh. Then start them. That easy. Arpd takes a few minutes to look at the class C and see which addresses are real and which are non-existent. You can specify the log file and set up a cron to email you at intervals, or set up Swatch to email on occurrence. I even found it easier to modify the scripts and have them listen differently.

Using Honeyd in conjunction with Shadowias (another George Bakos program) I get very good data on attackers.

-----Original Message-----
From: Daniel Almendra [mailto:danielalmendra () terra com br]
Sent: Monday, June 23, 2003 6:54 AM
To: honeypots () securityfocus com
Subject: tiny honeypot configuration

Hi!

I am trying to configure Tiny Honeypot in my house, but I just can't figure out what I'm doing wrong. It just doesn't seem to work! Can someone tell me a way to configure the iptables.rules file and thp.conf file? How can I test if the honeypot is working fine? Can someone tell me one exploit that can be fooled by thp?

Thanks a lot for your attention. I'll appreciate if someone gives me an answer...

Daniel Almendra
Current thread:
- tiny honeypot configuration Daniel Almendra (Jun 23)
- Re: tiny honeypot configuration George Bakos (Jun 23)
- RE: tiny honeypot configuration Gorgon Beast (Jun 23)