Re: Capturing Windows RPC worms with honeyd or similar?

[oudot <oudot () rstack org>]

Jyri Hovila a écrit:
> Hi all!
>
> I'd like to set up a honeypot to capture Windows RPC worms and other
> Windows-specific stuff. Is there any way to simulate a vulnerable
> Windows host using honeyd or some similar software? I mean actually
> simulating the buffer overflow. Or do I have to set up a real
> Windows box?

To catch the Windows RPC Worms, u don't really need to simulate the 
buffer overflow. U just need to answer to the worm, because it does not 
check RPC answers to the RPC requests it sent (just a small recv() to be 
sure an answer came back).

> Any ready-made configuration files for honeyd?

Check this : http://www.citi.umich.edu/u/provos/honeyd/msblast.html

laurent

> Thanks!
>
> - Jyri