PaulDotCom mailing list archives
Re: Honeypot
From: Tom McCredie <tom () mccredie co>
Date: Thu, 23 Jun 2011 08:37:49 +0100
Hi guys,

This is something that I've been interested in doing for a while now, but haven't actually gotten round to it yet (work!). Anyone have any suggested setups? Would be interesting to hear of any "HoneyMonkeys" that are OpenSource or offer a trial download?

Cheers

On 22 June 2011 17:17, Michael Lubinski <michael.lubinski () gmail com> wrote:

What methods were you using to analyze the proxy logs for out of the norm behavior?

On Wed, Jun 22, 2011 at 6:11 AM, Ben Jackson <bbj () mayhemiclabs com> wrote:

On Tue, Jun 21, 2011 at 4:41 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:

Who runs honeypots? My research suggests that Dionaea seems to be the one.

My goal is malware classification and collection.

If you want malware, running a honeypot isn't going to get you much in the way of "new" samples. 99% of the malware coming into any environment is going to be delivered by drive-by-downloads. Running a "regular" honeypot is going to get you stuff that is already fairly well known (Conficker, SQL Slammer, etc). You'd be better off finding a HoneyMonkey (I don't know if there is a free one out there) or analyzing proxy logs for executable downloads. I netted a boatload of stuff in my previous job following option B. It's always cool to get a piece of malware that was created the same day you're analyzing it.

Another option, which I have not done, is analyzing your mail queue.

--
Ben Jackson - Mayhemic Labs
bbj () mayhemiclabs com - http://www.mayhemiclabs.com - +1-508-296-0267
"Assume that what is in the power of one man to do, is in the power of another"

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
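Added example (not part of the original thread, and not any poster's actual method): one way to scan proxy logs for executable downloads, as suggested above. It assumes Squid's native access.log layout; the log lines, hostnames and the extension/MIME lists are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed indicator lists for illustration; tune them for your environment.
EXEC_EXT = (".exe", ".scr", ".dll", ".msi", ".pif")
EXEC_MIME = {"application/x-msdownload", "application/x-dosexec",
             "application/x-msdos-program"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer mime
SAMPLE_LOG = """\
1308728001.100 250 10.0.0.15 TCP_MISS/200 48213 GET http://downloads.example.test/tools/setup.exe - DIRECT/192.0.2.10 application/x-msdownload
1308728002.200 90 10.0.0.22 TCP_MISS/200 1200 GET http://www.example.test/index.html - DIRECT/192.0.2.11 text/html
1308728003.300 310 10.0.0.31 TCP_MISS/200 91344 GET http://cdn.example.test/img/banner.jpg?id=7 - DIRECT/192.0.2.12 application/x-msdownload
1308728004.400 12 10.0.0.15 TCP_DENIED/403 1500 GET http://blocked.example.test/a.exe - NONE/- text/html
1308728005.500 400 10.0.0.40 TCP_MISS/200 5000 CONNECT secure.example.test:443 - DIRECT/192.0.2.13 -
1308728006.600 120 10.0.0.40 TCP_MISS/200 20480 GET http://files.example.test/update.EXE?v=2 - DIRECT/192.0.2.14 application/octet-stream
"""

def parse_line(line):
    """Split one native-format line into the fields used below, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    return {"client": f[2], "status": f[3].partition("/")[2],
            "method": f[5], "url": f[6], "mime": f[9].lower()}

def find_executable_downloads(lines):
    """Return (client, url, reason) for completed GETs that look like executables."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        # Skip malformed lines, CONNECT tunnels (content not visible to the
        # proxy) and anything that was denied or failed (non-2xx).
        if not rec or rec["method"] != "GET" or not rec["status"].startswith("2"):
            continue
        path = urlsplit(rec["url"]).path.lower()   # drops the ?query part
        ext_hit = path.endswith(EXEC_EXT)
        mime_hit = rec["mime"] in EXEC_MIME
        if ext_hit and mime_hit:
            reason = "extension+mime"
        elif mime_hit:
            reason = "mime-only"        # executable type behind a harmless-looking name
        elif ext_hit:
            reason = "extension-only"   # e.g. served as application/octet-stream
        else:
            continue
        hits.append((rec["client"], rec["url"], reason))
    return hits

if __name__ == "__main__":
    for client, url, reason in find_executable_downloads(SAMPLE_LOG.splitlines()):
        print(client, reason, url)
```

The "mime-only" hits are usually the most interesting to triage, since the URL alone would not have flagged them; HTTPS traffic seen only as CONNECT is invisible to this check.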
Current thread:
- Honeypot Michael Lubinski (Jun 21)
- Re: Honeypot Matt Erasmus (Jun 22)
- Re: Honeypot Ben Jackson (Jun 22)
- Re: Honeypot Michael Lubinski (Jun 22)
- Re: Honeypot Jim Halfpenny (Jun 23)
- Re: Honeypot Ben Jackson (Jun 23)
- Re: Honeypot Arch Angel (Jun 23)
- Re: Honeypot Michael Lubinski (Jun 22)
- Re: Honeypot Tom McCredie (Jun 23)