Honeypots mailing list archives
RE: RE: deploying honeypots...
From: "Chen Zhang" <chen_zhang () comcast net>
Date: Sun, 21 Aug 2005 16:30:40 -0400
Hi,

I have a standard configuration of Honeywall with a couple of honeypots running. However, the traffic that is logged and can be analyzed through Walleye includes a lot of packets with source and destination IPs, neither of which is related to my honeypots. I am wondering if eth0 (the outside interface of the Ethernet bridge) is set to promiscuous mode and therefore logging all traffic bypassing. Or the only other possibility that I can think of -- a lot of spoofed packets.

Thanks,
Chen

-----Original Message-----
From: gangadhar npk [mailto:phani () myrealbox com]
Sent: Sunday, August 21, 2005 10:13 AM
To: cyb3rh3b () kecoak or id
Cc: gconnell () middlebury edu; honeypots () securityfocus com
Subject: Re: RE: deploying honeypots...

Hi,

But as Graeme already pointed out, since all the traffic that is going to hit your honeypot is going to be malicious, how can you effectively sift the bad from the good? Logically, there can't be any good traffic heading your way. What you can try though is to sift the bad from the very bad traffic and see if a pattern does emerge.

Interesting project, good luck!

my 2 cents worth
gangadhar