Honeypots mailing list archives
Re: Honeynet Requirements
From: Richard Stevens <mail () richardstevens de>
Date: Sun, 16 May 2004 12:59:09 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Chuck,

On Sunday 16 May 2004 01:14, Chuck Fullerton wrote:
> I am in the planning stages of a Honeynet project for my company. I have a question that, so far, I haven't been able to find an answer. Using the diagram from the Honeynet Paper from www.honeynet.org, when you add honeypots to your honeynet, how closely must they mirror the production machines? Any advice is appreciated.

This highly depends on your goals. If you simply want to use your honeynet to see what's out there and what might hit your production systems, a fair resemblance might be enough. If your goal is to lure people to your honeypots and have them believe they hit the real thing, much more deception, read similarity, is needed. You won't fool experienced hackers for long with a honeypot that is obviously not a production system. Once a pot gets hacked, the more experienced types will notice the lack of traffic or other oddities and probably leave.

In short, there is no simple answer to your question. If you are not yet experienced in setting up honeypots/honeynets, I'd suggest you start with a simple setup and get used to it. Really simulating production systems is not only very difficult but also quite a bit of work.

Hope that helped a little even though I couldn't really answer your question.

Regards,
Richard

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAp0mACfA4EwqVdIQRAuFRAJ9D1JZgjh9m/YmM6LmMhaPDzfLrIQCgzZOa
AJA1mI6uLNSdzRLwtvPFFrE=
=j64f
-----END PGP SIGNATURE-----