Honeypots mailing list archives
RE: High interaction Windows Honeypot
From: "Michael A. Davis" <mike () datanerds net>
Date: Fri, 12 Aug 2005 21:40:07 -0500
In the next two weeks. Also, I will be releasing a windows version of the sebek server so you can do exactly as you want =) Thanks, Michael A. Davis Chief Executive Officer Savid Technologies, Inc. Main: 708.243.2850 http://www.savidtech.com This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this message.
-----Original Message----- From: Ahmed Ameen [mailto:ahmedameen () gmail com] Sent: Friday, August 12, 2005 1:25 PM To: Michael A. Davis Cc: Stejerean, Cosmin; Thorsten Holz; honeypots () securityfocus com Subject: Re: High interaction Windows Honeypot Hello Michael, When do you expect the release? I was able to download the previous version but it turned out to be the server only how can I get the client is there a client for windows? One of my main objectives is to have my Honeynet all in windows environment so am currently working on listing all the tools available for windows in this field. Thanks all for the help. On 8/9/05, Michael A. Davis <mike () datanerds net> wrote:Yes, I am. It is pretty much finished. The problem is the new 3.0 integration (i.e. roo) it is all the other features. Also,there aresome licensing questions that I am currently investigatingbefore releasing it.Thanks, Michael t a A. Davis Chief Executive Officer Savid Technologies, Inc. Main: 708.243.2850 http://www.savidtech.com This email may contain confidential and privilegedinformation for thesole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intendedrecipient,please contact the sender and delete all copies of this message.-----Original Message----- From: Stejerean, Cosmin [mailto:cosmin () cti depaul edu] Sent: Monday, August 08, 2005 11:49 AM To: Thorsten Holz; honeypots () securityfocus com Subject: RE: High interaction Windows Honeypot Is anyone working on a Sebek3 program for Windows? Cosmin -----Original Message----- From: Thorsten Holz [mailto:thorsten.holz () mmweg rwth-aachen de] Sent: Monday, August 08, 2005 11:07 AM To: honeypots () securityfocus com Subject: Re: High interaction Windows Honeypot Ahmed Ameen wrote:Hello All, I am currently planning for my CS thesis which Idecided to do onWindows Honeypots. I was wondering if anyone has experience on building a high interaction honeypot using a windowsenvironment andVMware.Some experience from me and the German Honeynet Project: * For the Honeywall, the easiest way to setup is theHoneywall CDROMRoo (http://www.honeynet.org/tools/cdrom/). This is Linux-based, but that should be no big problem.Just boot acomputer with three interfaces (two also works, but formanagement adedicated interface is best) and within 20 minutes your are done. Customization is very easy and the web-interface allows you to monitor what's going on. If you really need it, you canalso installthe Honeywall "by Hand", but that's rather time-consuming... * Unfortunately, no Sebek version 3.x exists for Windows yet. It is in development, but not ready up to now. So you have to use Sebek version 2.x (http://www.honeynet.org/tools/sebek/2/sebek-win32-2.1.5.zip). Just install Windows and you are basically done. If youdon't applysome patches, a default installation of Windows will becompromisedby a bot in an automated way within several minutes... * If you want to setup a virtual honeynet, just follow the steps outlined in the paper "Virtual Honeynet: DeployingHoneywall usingVMware" (http://www.honeynet.org.pk/honeywall/) written by the Pakistan Honeynet Project. Cheers, Thorsten -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.2/65 - Release Date: 8/7/2005-- Regards Ahmed Ameen
Current thread:
- High interaction Windows Honeypot Ahmed Ameen (Aug 08)
- Re: High interaction Windows Honeypot Thorsten Holz (Aug 08)
- <Possible follow-ups>
- RE: High interaction Windows Honeypot Stejerean, Cosmin (Aug 08)
- RE: High interaction Windows Honeypot Stejerean, Cosmin (Aug 08)
- RE: High interaction Windows Honeypot Michael A. Davis (Aug 08)
- RE: High interaction Windows Honeypot Michael A. Davis (Aug 09)
- Re: High interaction Windows Honeypot George Bakos (Aug 11)
- Re: High interaction Windows Honeypot Ahmed Ameen (Aug 12)
- RE: High interaction Windows Honeypot Michael A. Davis (Aug 12)
- Re: High interaction Windows Honeypot Ahmed Ameen (Aug 14)
- RE: High interaction Windows Honeypot mnelson (Aug 16)
- Re: High interaction Windows Honeypot Ahmed Ameen (Aug 17)
- RE: High interaction Windows Honeypot Michael A. Davis (Aug 08)