Honeypots mailing list archives
Re: Capturing Windows RPC worms with honeyd or similar?
From: oudot <oudot () rstack org>
Date: Sun, 28 Sep 2003 17:16:18 +0200
Jyri Hovila a écrit:
Hi all! I'd like to set up a honeypot to capture Windows RPC worms and other Windows-specific stuff. Is there any way to simulate a vulnerable Windows host using honeyd or some similar software? I mean actually simulating the buffer overflow. Or do I have to set up a real Windows box?
To catch the Windows RPC Worms, u don't really need to simulate the buffer overflow. U just need to answer to the worm, because it does not check RPC answers to the RPC requests it sent (just a small recv() to be sure an answer came back).
Any ready-made configuration files for honeyd?
Check this : http://www.citi.umich.edu/u/provos/honeyd/msblast.html laurent
Thanks! - Jyri
Current thread:
- Capturing Windows RPC worms with honeyd or similar? Jyri Hovila (Sep 28)
- Re: Capturing Windows RPC worms with honeyd or similar? oudot (Sep 28)
- <Possible follow-ups>
- Re: Capturing Windows RPC worms with honeyd or similar? Kostas K (Sep 28)