Honeypots mailing list archives

Re: Registry and File Monitoring Programs for Windows Honeypots


From: "Michael A. Davis" <mike () datanerds net>
Date: Sat, 30 Aug 2003 20:22:39 -0500

I don't know of anything for registry, but you could use
wininterrogate (http://winfingerprint.sourceforge.net/wininterrogate.php) or
tripwire for file system changes.

If you find anything useful or implement something please let the list know!
Windows honeypots are not very common and new technologies and applications
are needed and are being developed to help.

Hope that helps,
Michael Davis
Chief Technical Officer
DataNerds
http://www.datanerds.com
----- Original Message ----- 
From: "Hines, Eric" <ehin4 () allstate com>
To: <honeypots () securityfocus com>
Sent: Friday, August 29, 2003 5:47 PM
Subject: Registry and File Monitoring Programs for Windows Honeypots


List:

I am building a Windows honeypot and am very interested to hear what sort
of software programs some of you might be using to monitor registry and
file changes. Sure, sure, I know there is regmon and filemon, but I use
those more for when I'm sitting in front of the machine and purposely
executing a worm to see what registry entries and files it creates or
changes. Are all of you just using regmon or filemon and logging to a file?

Eric Hines

=============================================
Eric Hines
Senior Intrusion Analyst
Allstate Information Security
---------------------------------------------
[e] ehin4 () allstate com
[c] (847) 830-2883
[a] 1075818 () skytel com
---------------------------------------------
3075 Sanders Road
Suite G2E
Northbrook, IL 60062
=============================================





