Re: botnet logs

[Nathan <nathan.trav () gmail com>]

Hello!

I don't really get this part. If the host pc you are running honeyd on
it is infected, how can you benefit from this with your honeyd? It's
okay to monitor your pc's traffic, and control the outgoing malicious
packets, but where honeyd comes in? The only thing i can think of, to
watch the malware trying to spread through the virtual hosts generated
by honeyd.

Thanks,
Nate

Valdis.Kletnieks () vt edu wrote:
> 2) The honeyd is running on a host that's part of a botnet.  For this to
> happen, first it has to be botted into the net - and then the owners of the
> honeyd have to allow it to participate in the attack, which is somewhat
> morally ambiguous (unless you let it attack but then firewall off the
> attack packets along the way).
>