Honeypots mailing list archives

Honeypot/net IDS System

From: Daniel Roth <d00roth () dtek chalmers se>
Date: Sun, 22 Feb 2004 23:41:56 +0100

Hi!

I wrote here some months ago about a project I and som friends have beenasked to do.It is up and running now, and we would really(!!) like to have somfeedback, thoughts andideas before we start using the system sharp. We're currently in atestphase.


http://jackass.tekno.chalmers.se/dp03-17/

From the What-it-is section:

"...we in the group focused a bit more on how to "invite" the attackerand let him/her intoa fake system, a honeypot. Our honeypot is a single computer, fakingmany computers, with differentcomputers, operating systems and routers. This system is supervised viaa GUI where one can clickand drag to add computers/routers a visual way. When satisfied aconfigfile will be written and systemup and running. The backend is a combination of an ids system, with anadvanced honeypotdeamon,lots of virtual filesystems and a log/abuse-function which can mail thesystem administrator when

something suspicious happens"

Daniel

Current thread:

Honeypot/net IDS System Daniel Roth (Feb 22)
- Re: Honeypot/net IDS System Michael Robinton (Feb 22)
  - Re: Honeypot/net IDS System captgoodnight (Feb 22)
  - RE: Honeypot/net IDS System Aditya, ALD [Aditya Lalit Deshmukh] (Feb 24)
    - RE: Honeypot/net IDS System Michael (Feb 24)
    - RE: Honeypot/net IDS System ravivsn (Feb 24)
    - RE: Honeypot/net IDS System Michael (Feb 25)
    - Re: Honeypot/net IDS System Valdis . Kletnieks (Feb 25)
    - Re: Honeypot/net IDS System Ian Baker (Feb 24)
    - Re: Honeypot/net IDS System Michael (Feb 25)
    - RE: Honeypot/net IDS System Aditya, ALD [Aditya Lalit Deshmukh] (Feb 27)

(Thread continues...)