Re: Honeyd for Windows

["Biju Thomas" <biju.thomas.m () gmail com>]

Hi ,

Thankyou for the responses.

I have got a fair idea about the honeypot solutions available. I tried
out KFSensor on Windows XP and installed Honeyd1.5a on a RHEL 3.0
machine both with the default configurations. I will now explore the
advanced features.

I will also try out honeybot and Specter.

I went through tracking-hackers.com, and the mailing lists at honeyd
site. Is there any suggestion for other disscussion forums available
for the honeypot technology.

Thanks,
Biju

On 8/18/06, James Chamberlain <jchamberlain () isac-usa com> wrote:
> Another Windows Honeypot is Specter.  They have a $200 R&D version.
>
>
> Jim Chamberlain
>
>
>
> On Aug 17, 2006, at 2:11 PM, Roger A. Grimes wrote:
>
> In all reality, Honeyd for Windows doesn't really work anymore. Michael
> Davis did us a great service by porting it from Linux to Windows back in
> the day, but since then it has been nearly a dead project. It doesn't
> work well on Windows at all, has major routing issues, etc.
>
> My book, Honeypots for Windows, has a few chapters on it. I loved it.
> But, yes, it's time to use Honeyd on Linux or BSD if you've got the
> skills. It works great there. Or try Kfsensor or PatriotBox instead.
> KFSensor is the best Windows honeypot on the market, although a bit
> pricy for the casual user.  It's a great eval though. And try any of the
> excellent honeypot discussion sites to find dozens of other free
> honeypots to play with.
>
> Roger
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist
> *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
> *email: roger_grimes () infoworld com or roger () banneretcs com
> *Author of Professional Windows Desktop and Server Hardening (Wrox)
> *http://www.amazon.com/gp/product/0764599909
> *****************************************************************
>
>
>
> -----Original Message-----
> From: Thorsten Holz [mailto:thorsten.holz () gmail com]
> Sent: Thursday, August 17, 2006 4:45 AM
> To: honeypots () securityfocus com
> Subject: Re: Honeyd for Windows
>
> On 8/17/06, Biju Thomas <biju.thomas.m () gmail com> wrote:
>
> > I am new to Honeypot technology. After reading through honeypot
> > related literature, I wanted to try some hands-on. I decided to try
> > out honeyd for Windows. The papers suggested that honeyd for windows
> > can be downloaded from
> > http://www.securityprofiling.com/honeyd/honeyd.shtml
>
> Honeyd for Windows has not been updated for a long time, the currently
> available version is 0.5a. Honeyd for Linux/*BSD is already at version
> 1.5a. So I would strongly suggest to try the Linux/*BSD version...
>
> > However this link seems to be not responding. Is there any other place
>
> > from where I can download honeyd for Windows.
>
> You could try http://www.datanerds.net/~mike/binaries/
>
> Cheers,
>    Thorsten