Honeypots mailing list archives
Re: deploying honeypots...
From: Ahmed Ameen <ahmedameen () gmail com>
Date: Sat, 20 Aug 2005 12:41:20 +0300
For you first question I would say leave them with no patches, the opjective is to attract the black-hat community. Regarding your second question if you mean what hardware (server or PC) then it doesn't make a defiance, as you don't expect that huge load to be on this machine i would recommend to start with a normal PC. Also did you conceder server partitioning by using VMWare or MS virtual PC ? you can save lot of hardware resources by using these, I am currently building a complete honeynet by only using one PC and VMWare. Regards, Ahmed Ameen On 8/20/05, cyb3rh3b () kecoak or id <cyb3rh3b () kecoak or id> wrote:
hi, i've been reading about honeypots technology since a couple of month, but i never deploy one. It's my final term on college now and i am planning to build a honeynet with artificial neural network integrated in it system... first of all...i am trying to build my own honeynet, but there's some problem appear about it's topology. I am going to use 2 kind of OS as a target behind a honeywall, it's windows XP and gentoo linux. My question are: 1. should i use full defending system for both OS (especially for windows, should it patched with new patched or just left it) or just left them as default system? 2. I am planning to use data from scan of the month challange as base for the artificial neural network application and trained it in honeynet network, i haven't download those data so i don't know yet if the data captured was design to server area honeynet or personal machine honeynet, so i still have no idea what kind of honeypot machine especially for windows i should build here, should i run server or just personal machine?!if it server...then what kind of service is common to be used in honeynet? i think just 2 question for now :P, im not speaking english fluently so im really sory if my speaking here is bad... warm regards, Rasyid ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
-- Regards Ahmed Ameen
Current thread:
- deploying honeypots... cyb3rh3b (Aug 19)
- Re: deploying honeypots... Ahmed Ameen (Aug 20)
- Re: deploying honeypots... cyb3rh3b (Aug 20)
- Re: deploying honeypots... Ahmed Ameen (Aug 20)
- Re: deploying honeypots... Valdis . Kletnieks (Aug 21)
- Re: deploying honeypots... Barrie Dempster (Aug 24)
- Re: deploying honeypots... cyb3rh3b (Aug 20)
- <Possible follow-ups>
- RE: deploying honeypots... Connell, Graeme S (Aug 20)
- RE: deploying honeypots... cyb3rh3b (Aug 20)
- Re: deploying honeypots... Damiano Bolzoni (Aug 22)
- Re: deploying honeypots... Valdis . Kletnieks (Aug 22)
- Re: deploying honeypots... Damiano Bolzoni (Aug 23)
- Re: deploying honeypots... Valdis . Kletnieks (Aug 24)
- RE: deploying honeypots... cyb3rh3b (Aug 20)
- Re: deploying honeypots... Ahmed Ameen (Aug 20)