PaulDotCom mailing list archives

Re: Honeypot

From: Tom McCredie <tom () mccredie co>
Date: Thu, 23 Jun 2011 08:37:49 +0100

Hi guys,

This is something that ive been interested in doing for a while now, but
haven't actually gotten round to it yet (work!).

Anyone have any suggested setups?

Would be interesting to here of any "HoneyMonkey's" that are OpenSource of
offer a trial download?

Cheers


On 22 June 2011 17:17, Michael Lubinski <michael.lubinski () gmail com> wrote:

What methods were you using to analyze the proxy logs for out of the norm
behavior?

On Wed, Jun 22, 2011 at 6:11 AM, Ben Jackson <bbj () mayhemiclabs com> wrote:

On Tue, Jun 21, 2011 at 4:41 PM, Michael Lubinski
<michael.lubinski () gmail com> wrote:

Who runs honeypots? My research suggests that Dionaea seems to be the

one.

My goal is malware classification and collection.


If you want malware, running a honeypot isn't going to get you much in
the way of "new" samples. 99% of the malware coming into any
environment is going to be delivered by drive-by-downloads. Running a
"regular" honeypot is going to get you stuff that is already fairly
well known (Conficker, SQL Slammer, etc). You'd be better off finding
a HoneyMonkey (I don't know if there is a free one out there) or
analyzing proxy logs for executable downloads. I netted a boat load of
stuff in my previous job following option B. It's always cool to get a
piece of malware that was created the same day you're analyzing it.

Another option, which I have not done, is analyzing your mail queue.

--
Ben Jackson - Mayhemic Labs
bbj () mayhemiclabs com - http://www.mayhemiclabs.com - +1-508-296-0267
"Assume that what is in the power of one man to do, is in the power of
another"
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Honeypot Michael Lubinski (Jun 21)
- Re: Honeypot Matt Erasmus (Jun 22)
- Re: Honeypot Ben Jackson (Jun 22)
  - Re: Honeypot Michael Lubinski (Jun 22)
    - Re: Honeypot Jim Halfpenny (Jun 23)
    - Re: Honeypot Ben Jackson (Jun 23)
    - Re: Honeypot Arch Angel (Jun 23)
    - Re: Honeypot Tom McCredie (Jun 23)