Honeypots mailing list archives
RE: deceptive content on honeypots
From: "Richard La Bella \(Florida Honeynet\)" <richard () sfhn org>
Date: Tue, 1 Apr 2003 09:29:00 -0500
Jeremy and all, The answer to your question is yes. The South Florida Honeynet Project now the Florida Honeynet Project at http://www.floridahoneynet.org is moving full force to plan, implement, and deploy what we are calling the Covert Honeynet Initiative. What is a covert honeynet? A covert honeynet is a high value honeynet designed to look, feel, and behave like a valid resource or organization. This means we must build and deploy a true environment that parallels the general requirements one might find within their own organization. For example, a web farm, a back end database, an enterprise mail server, syslog server, routing, switching, an FTP daemon, an SSH server and the list goes on. All these hosts will be populated with data that is in line with the organization we deploy. On May 1, 2003 we will announce a separate site dedicated to the Covert Honeynet Initiative. This site will document and share the lessons we learn throughout the whole process. It's geared toward helping others build similar environments. How will this get done? We have recently partnered with an organization that specializes in secure collocation and monitoring. This partnership will drive the Covert Honeynet Initiative. Key individuals of that organization and our Project will contribute their skills and technological resources to support this effort. We couldn't have done it any other way and are please to have everyone involved. Since September 2001, the Florida Honeynet Project has been deploying research honeynets using a home DSL line. The home DSL line will go away this week. Through our partnership we will have a second tier backbone presence using a partial or full DS-1 circuit and a larger allocated scope of IP addresses. An ARIN look up of our scope will reflect our organization as will a corporate search of our organization at the state level too. The goal is to remain covert. And using the tools developed and tested by the Honeynet Project, http://www.honeynet.org/papers/honeynet/tools/ and the Honeynet Research Alliacne, http://www.honeynet.org/alliance is the best way for us pull this off successfully. When will this get done? Planning and implementation has begun for the foundation required to support the covert honeynet. Go live is expected by years end or first quarter of 2004. Thanks for remembering the presentation Jeff Dell and I gave in Las Vegas. If anyone has any questions, comments, or suggestions regarding this effort you can send correspondence to covert () floridahoneynet org. Cheers, Richard La Bella Florida Honeynet Project http://www.floridahoneynet.org richard () floridahoneynet org
Current thread:
- Re: deceptive content on honeypots Jeremy Bennett (Mar 31)
- <Possible follow-ups>
- RE: deceptive content on honeypots Richard La Bella (Florida Honeynet) (Apr 01)
- Re: deceptive content on honeypots Jim Yuill (Apr 02)
- Re: deceptive content on honeypots Jim Yuill (Apr 08)
- Re: deceptive content on honeypots Jeremy Bennett (Apr 10)