Re: Honey Pot Creation

["Dev Anand" <deva.security () gmail com>]

Dear List members ,

Thank you all for your valuable suggestions.

I have started looking at honeyd and nepenthes howtos .

Thanks once again .

Regards
-Deva

On 8/14/06, Jamie Riden <jamesr () europe com> wrote:
> On 14/08/06, Brad Rubin <bsrubin () stthomas edu> wrote:
> > Deva,
> >
> > A honeypot can be any non-production system, so creating one can be
> > as simple as getting a system setup with Windows or Linux while
> > waiting for it to be attacked.  The honeywall sits in between the
> > honeypot and the network and helps with logging activities directed
> > to or coming from the honeypot if it is compromised.  It also helps
> > limit the outgoing damage and associated liability if something does
> > compromise the honeypot.  And, the honeywall is designed to do this
> > while trying to remain hidden from the outside.
> >
> > You can also create a series of honeypot systems and network that run
> > virtually on a single system using some software called Honeyd.
>
> nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
> honeypot to start with. It emulates known Windows vulnerabilities and
> catches quite a few different worms and bots.
>
> A high-interaction honeypot is just some extra monitoring stuff (such
> as the Roo honeywall) on top of a genuinely vulnerable system and
> needs *constant* attention.
>
> For a web-based honeypot, you could, e.g. install awstats, change the
> version number to a vulnerable version (6.4 and below I think) and
> then get it indexed on search engines. (see
> http://ghh.sourceforge.net/ for other ways of doing web-based stuff).
>
> The first reply concerns spam honeypots, which pretend to be open
> relays, or open SOCKS proxies but actually throw away all the email
> except the first test.
>
> cheers,
>  Jamie
> --
> Jamie Riden / jamesr () europe com / jamie.riden () computer org
> NZ Honeynet project - http://www.nz-honeynet.org/