RE: inside or outside

["McCammon, Keith" <Keith.McCammon () eadvancemed com>]

> I've considered setting up a honeypot but not before I learn 
> alot more than
> what I know now. It's a tremendous responsibility considering 
> if not setup
> properly could backfire. 

Very good idea to wait.  When set up properly, they can be valuable tools.  When done hastily, they usually just cause 
trouble.  
 
> For now, though, what I plan on doing is punching a hole through the
> firewall to a common port like portmapper (111) then placing 
> something on
> it that'll allow the port to appear open like running nc -l 
> -p 111 -v along
> with snort and seeing what I capture.

This will get you started.  However, you're only going to be able to examine stimulus.  Still, as you mentioned, you 
can get started with something like this until you feel comfortable working on a live/test network. 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users