Honeypots mailing list archives
hybrid virtual honeynets
From: Angel Avila <darthspud () yahoo com>
Date: Thu, 23 Sep 2004 20:59:30 -0700 (PDT)
Hi, I've recently became real interested in honeynets. I am trying to build a hybrid virtual honeynet. I've been following the KYE: Gen II honeynet and Learning with VMWare whitepaper as guides for the development. The question I have pertains to bridging. Will I have to have a bridge running on both machines (gateway, hostOS of honeypots)? How does running a hybrid affect running tools like sebek or rc.firewall script? I am assuming that on the gateway side I will have the rc.firewall's LAN_IFACE variable and bridge interface set to ETH1 (my gateway only has 2 eth cards). This will be the same for the other tools such as snort_inline and snort. I am not sure on the hostOS side. I've kinda gotten confused, since I am trying to follow the two whitepapers. I would appreciate any suggestions. Thanks __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
Current thread:
- hybrid virtual honeynets Angel Avila (Sep 23)
- Re: hybrid virtual honeynets joe smith (Sep 24)