mailing list archives
RE: Honeypot Server
From: "Brett Kennedy" <Brett.Kennedy () caseware com>
Date: Thu, 17 Jan 2008 13:12:09 -0500
Depending on the purpose of the honeypot, most likey you want an
environment as similar as possible to the real environment you wish to
simulate with the honeypot. This would let you study the attacks on the
honeypot in the most meaningful way. You'd also want software then to
monitor tcp traffic, changes to the local drive and so on. These could
be standard software used for these purposes, such as mod_security,
tripwire etc., and not necessarily honeypot-specific.
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Gleb Paharenko
Sent: January 17, 2008 12:48 PM
To: m.farid.shawara () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Honeypot Server
Though I have not practical experience with honeypots yet. I suggest you
a good resource:
Also you should determine the needs of your honeypot (just get
attempts to connect, or research what malicious atacker is doing), and
select an appropriated solution, it can be a whole honeypot
infrastructure. Honeynet claims that their live cd is fine:
2008/1/17, m.farid.shawara () gmail com <m.farid.shawara () gmail com>:
Dear All :
Can you advise what is the best honeypot server available
Open-source or commercial - it doesn't matter as long as it will be
administrate and easy to monitor and alerted ...
Mohamed Farid ...
Click the link below to report this message as spam to Caseware E-Mail
Security Server ESVA.