Honeypots mailing list archives
Re: Honeypot webserver question
From: Jess Garcia <jess () jessland net>
Date: Mon, 04 Jul 2005 05:00:58 +0200
You may want to take a look at Bait N Switch:

http://baitnswitch.sourceforge.net/

The project was discontinued long ago and the code never was very stable, but the ideas still prevail.

JESS

ChayoteMu wrote:
> I tried to google info on this question but couldn't find anything
> specific to what I'm after so I'm sending this out to the list. Thanks
> in advance for any responses.
> Question:
> Is it possible to run a web server on a honeypot that will serve the
> pages and work as a regular server except with the extras of being a
> honeypot, ie logging and prevention measures? I'm asking because I had
> an idea for a pair of webservers behind an IDS/Firewall. Regular
> traffic goes to the primary web server but suspicious traffic gets
> dumped onto the honeypot server. This lets false positives view the
> site but not have access to any other services (FTP or anything else
> on the real server) and gives a good idea of what they'd try to do to
> the clean server so you could catch 0-days and such. And if you're
> bored you can update the honeyserver semi-regularly to get all the new
> goodies on there for attackers to go after (with some changes
> obviously). I know you can emulate web servers with various methods
> but I'm curious if there's somebody/group doing that now or a tool
> anyone knows of for it.
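
The routing idea in the quoted question (clean traffic to the primary server, sources flagged by the IDS to the honeypot), sketched as an added example; it is not part of the original message and is not Bait N Switch code. The class name, backend addresses, the per-source expiry and the use of source IP as the key are assumptions made for illustration.

```python
import ipaddress
import time

# Constructed backend addresses (assumptions, not from the thread).
PRODUCTION = "10.0.0.10:80"   # real web server
HONEYPOT = "10.0.0.20:80"     # honeypot serving the same pages


class SwitchTable:
    """Remembers sources the IDS has flagged and picks a backend per request."""

    def __init__(self, ttl_seconds=3600, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self.flagged = {}           # normalised source IP -> expiry time
        self.decisions = []         # (time, source, backend) audit trail

    @staticmethod
    def _normalise(src_ip):
        # Rejects malformed input and gives IPv4/IPv6 one canonical spelling,
        # so the same host cannot dodge the table with an alternate notation.
        return str(ipaddress.ip_address(src_ip))

    def flag(self, src_ip):
        """Called when the IDS raises an alert for src_ip."""
        self.flagged[self._normalise(src_ip)] = self.clock() + self.ttl

    def backend_for(self, src_ip):
        """Return the backend that should serve this source right now."""
        ip = self._normalise(src_ip)
        now = self.clock()
        expiry = self.flagged.get(ip)
        if expiry is not None and now >= expiry:
            # Flag aged out: a false positive gets the real server back.
            del self.flagged[ip]
            expiry = None
        backend = HONEYPOT if expiry is not None else PRODUCTION
        self.decisions.append((now, ip, backend))
        return backend
```

Keying on source IP means every client behind the same NAT address shares one flag, so the expiry bounds how long a false positive keeps bystanders on the honeypot.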