Honeypots mailing list archives

RE: Honeynet installation


From: "Stejerean, Cosmin" <cosmin () cti depaul edu>
Date: Thu, 5 Jan 2006 14:01:17 -0600

A honeynet is a network of honeypots. The honeywall works like a specialized firewall + logging facility. It can limit 
the damage that an attacker can do to the outside world once a honeypot is compromised and log information from Sebek, 
etc., and display all of this to you so you can get a nice centralized view of all relevant information. So yes, the 
honeywall is only half of the honeynet; the other half is the actual honeypots. You can set up the honeypots in a VM on 
the same machine (hybrid setup), on another machine (which will then connect to eth1 on your honeywall) or on multiple 
machines (old PIIs or PIIIs) that will then connect to a switch (and the uplink of the switch will go to eth1).

Setting up the honeypots in a VM doesn't require as much space and processing power as people think because the sole 
purpose of these machines is to be attacked (i.e., they don't need a lot of space or RAM). You can get by with offering 
the minimum amount of space and RAM for each OS you install.


Hope this helps you get started.


Regards,

Cosmin Stejerean


-----Original Message-----
From: wiz561 () hotmail com [mailto:wiz561 () hotmail com]
Sent: Thu 1/5/2006 12:32 PM
To: honeypots () securityfocus com
Subject: Honeynet installation
 
Hi!

   I'm just starting out with the honeynet CD and trying to fiddle around with it.  I read through a bunch of the KYE 
docs up on the web site and most of the docs on roo.  However, I'm not really catching onto how you would set up the 
network topology.  I'm getting confused because it sounds like honeynet is only half of the program.  The other half is 
running multiple OSes on your system using VMware.  I have a hard time believing this though because of how much disk 
space you would need and processing power.

   My question is how do you get started with honeynets?  How do you set up the networking?  Can you use just one 
machine running honeynet and have three physical NICs in the machine?  Does eth0 connect to the internet and have a 
routable address?  What does eth1 connect to?  I figured out eth2 is the admin interface.


    Any help is appreciated.  I'm just starting to get a little frustrated because I don't quite understand how the 
topology is set up.  Also, many of the images on the honeynet site (e.g., figure A) do not have a legend on what's 
physical and virtual... if anything.  Again, I just think I need a kick in the back to get started!  Thanks for any 
help.

