Honeypots mailing list archives

RE: Honeynet installation


From: "Patrick McCarty" <pmccarty () apu edu>
Date: Thu, 5 Jan 2006 10:28:05 -0800


I think your confusion lies in that a honeynet is not a particular
setup, nor software product, rather it is a description of collective
functionality which can be achieved in a variety of ways.

You could achieve this virtually on one system, or physically with
multiple systems. Alternatively, you could configure a hybrid
configuration with some physical and some virtual.

Roo is an implementation of both Data Capture, and Data Control as a
gateway that sits between the internet and your honeypots.

-- patrick

-----Original Message-----
From: wiz561 () hotmail com [mailto:wiz561 () hotmail com] 
Sent: Thursday, January 05, 2006 10:33 AM
To: honeypots () securityfocus com
Subject: Honeynet installation

Hi!

   I'm just starting out with the honeynet CD and trying to fiddle
around with it.  I read through a bunch of the KYE docs up on the web
site and most of the docs on roo.  However, I'm not really catching onto
how you would set up the network topology.  I'm getting confused because
it sounds like honeynet is only half of the program.  The other half is
running multiple OS's on your system using vmware.  I have a hard time
believing this though because of how much disk space you would need and
processing power.  

   My question is how do you get started with honeynets?  How do you
set up the networking?  Can you use just one machine running honeynet and
have three physical NIC's in the machine?  Does eth0 connect to the
internet and have a routable address?  What does eth1 connect to?  I
figured out eth2 is the admin interface.  


    Any help is appreciated.  I'm just starting to get a little
frustrated because I don't quite understand how the topology is set up.
Also, many of the images on the honeynet site (IE: figure A) do not have
a legend on what's physical and virtual....if anything.  Again, I just
think I need a kick in the back to get started!  Thanks for any help.

