Honeypots mailing list archives
Re: Honey Pot Creation
From: David Watson <david () honeynet org uk>
Date: Thu, 17 Aug 2006 11:33:52 +0100
Dev,

Worth a read when getting started with honeypots are:

The Honeynet Project books

http://www.amazon.com/gp/product/0321166469/sr=8-1/qid=1155810395/ref=pd_bbs_1/104-2156992-8800761?ie=UTF8
http://www.amazon.com/gp/product/0321108957/sr=1-1/qid=1155810448/ref=pd_bbs_1/104-2156992-8800761?ie=UTF8&s=books

Roger Grimes's "Honeypots for Windows" book:

http://www.amazon.com/gp/product/1590593359/sr=1-2/qid=1155810484/ref=sr_1_2/104-2156992-8800761?ie=UTF8&s=books

And I'd take a look at existing low and high interaction honeypot solutions:

http://www.securitywizardry.com/honeypots.htm

Most are pretty straightforward to test and experiment with in a lab.

Hopefully these links should be enough to get you started, good luck!

Thanks,

David

Dev Anand wrote:
> Dear List members,
>
> Thank you all for your valuable suggestions. I have started looking at
> honeyd and nepenthes howtos.
>
> Thanks once again.
>
> Regards
> -Deva
>
> On 8/14/06, Jamie Riden <jamesr () europe com> wrote:
>> On 14/08/06, Brad Rubin <bsrubin () stthomas edu> wrote:
>>> Deva,
>>>
>>> A honeypot can be any non-production system, so creating one can be as
>>> simple as getting a system setup with Windows or Linux while waiting
>>> for it to be attacked. The honeywall sits in between the honeypot and
>>> the network and helps with logging activities directed to or coming
>>> from the honeypot if it is compromised. It also helps limit the
>>> outgoing damage and associated liability if something does compromise
>>> the honeypot. And, the honeywall is designed to do this while trying
>>> to remain hidden from the outside. You can also create a series of
>>> honeypot systems and network that run virtually on a single system
>>> using some software called Honeyd.
>>
>> nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
>> honeypot to start with. It emulates known Windows vulnerabilities and
>> catches quite a few different worms and bots.
>>
>> A high-interaction honeypot is just some extra monitoring stuff (such
>> as the Roo honeywall) on top of a genuinely vulnerable system and needs
>> *constant* attention. For a web-based honeypot, you could, e.g. install
>> awstats, change the version number to a vulnerable version (6.4 and
>> below I think) and then get it indexed on search engines. (see
>> http://ghh.sourceforge.net/ for other ways of doing web-based stuff).
>>
>> The first reply concerns spam honeypots, which pretend to be open
>> relays, or open SOCKS proxies but actually throw away all the email
>> except the first test.
>>
>> cheers,
>> Jamie
>> --
>> Jamie Riden / jamesr () europe com / jamie.riden () computer org
>> NZ Honeynet project - http://www.nz-honeynet.org/

--
David Watson
UK Honeynet Project
www.ukhoneynet.org
david () honeynet org uk