RE: High interaction Windows Honeypot

["Michael A. Davis" <mike () datanerds net>]

In the next two weeks.  Also, I will be releasing a windows version of the
sebek server so you can do exactly as you want =)

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com

This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this message.

> -----Original Message-----
> From: Ahmed Ameen [mailto:ahmedameen () gmail com] 
> Sent: Friday, August 12, 2005 1:25 PM
> To: Michael A. Davis
> Cc: Stejerean, Cosmin; Thorsten Holz; honeypots () securityfocus com
> Subject: Re: High interaction Windows Honeypot
>
> Hello Michael,
> When do you expect the release? I was able to download the 
> previous version but it turned out to be the server only how 
> can I get the client is there a client for windows?
>
> One of my main objectives is to have my Honeynet all in 
> windows environment so am currently working on listing all 
> the tools available for windows in this field.
>
> Thanks all for the help.
>
>
> On 8/9/05, Michael A. Davis <mike () datanerds net> wrote:
> > Yes, I am. It is pretty much finished. The problem is the new 3.0 
> > integration (i.e. roo) it is all the other features. Also, 
> there are 
> > some licensing questions that I am currently investigating 
> before releasing it.
> > Thanks,
> > Michael t a A. Davis
> > Chief Executive Officer
> > Savid Technologies, Inc.
> > Main: 708.243.2850
> > http://www.savidtech.com
> >
> > This email may contain confidential and privileged 
> information for the 
> > sole use of the intended recipient. Any review or distribution by 
> > others is strictly prohibited. If you are not the intended 
> recipient, 
> > please contact the sender and delete all copies of this message.
> >
> > > -----Original Message-----
> > > From: Stejerean, Cosmin [mailto:cosmin () cti depaul edu]
> > > Sent: Monday, August 08, 2005 11:49 AM
> > > To: Thorsten Holz; honeypots () securityfocus com
> > > Subject: RE: High interaction Windows Honeypot
> > >
> > > Is anyone working on a Sebek3 program for Windows?
> > >
> > > Cosmin
> > >
> > > -----Original Message-----
> > > From: Thorsten Holz [mailto:thorsten.holz () mmweg rwth-aachen de]
> > > Sent: Monday, August 08, 2005 11:07 AM
> > > To: honeypots () securityfocus com
> > > Subject: Re: High interaction Windows Honeypot
> > >
> > > Ahmed Ameen wrote:
> > > > Hello All,
> > > > I am currently planning for my CS thesis which I 
> decided to do on 
> > > > Windows Honeypots. I was wondering if anyone has experience on 
> > > > building a high interaction honeypot using a windows
> > > environment and
> > > > VMware.
> > >
> > > Some experience from me and the German Honeynet Project:
> > >
> > > * For the Honeywall, the easiest way to setup is the 
> Honeywall CDROM 
> > > Roo (http://www.honeynet.org/tools/cdrom/).
> > > This is Linux-based, but that should be no big problem. 
> Just boot a 
> > > computer with three interfaces (two also works, but for 
> management a 
> > > dedicated interface is best) and within 20 minutes your are done. 
> > > Customization is very easy and the web-interface allows you to 
> > > monitor what's going on. If you really need it, you can 
> also install 
> > > the Honeywall "by Hand", but that's rather time-consuming...
> > >
> > > * Unfortunately, no Sebek version 3.x exists for Windows yet.
> > > It is in development, but not ready up to now. So you have to use 
> > > Sebek version 2.x 
> > > (http://www.honeynet.org/tools/sebek/2/sebek-win32-2.1.5.zip).
> > >  Just install Windows and you are basically done. If you 
> don't apply 
> > > some patches, a default installation of Windows will be 
> compromised 
> > > by a bot in an automated way within several minutes...
> > >
> > > * If you want to setup a virtual honeynet, just follow the steps 
> > > outlined in the paper "Virtual Honeynet: Deploying 
> Honeywall using 
> > > VMware"
> > > (http://www.honeynet.org.pk/honeywall/) written by the Pakistan 
> > > Honeynet Project.
> > >
> > > Cheers,
> > >    Thorsten
> > >
> > >
> > > --
> > > No virus found in this incoming message.
> > > Checked by AVG Anti-Virus.
> > > Version: 7.0.338 / Virus Database: 267.10.2/65 - Release
> > > Date: 8/7/2005
>
>
> --
> Regards
> Ahmed Ameen