|
Honeypots
mailing list archives
Honeypot/net IDS System
From: Daniel Roth <d00roth () dtek chalmers se>
Date: Sun, 22 Feb 2004 23:41:56 +0100
Hi!
I wrote here some months ago about a project I and som friends have been
asked to do.
It is up and running now, and we would really(!!) like to have som
feedback, thoughts and
ideas before we start using the system sharp. We're currently in a
testphase.
http://jackass.tekno.chalmers.se/dp03-17/
From the What-it-is section:
"...we in the group focused a bit more on how to "invite" the attacker
and let him/her into
a fake system, a honeypot. Our honeypot is a single computer, faking
many computers, with different
computers, operating systems and routers. This system is supervised via
a GUI where one can click
and drag to add computers/routers a visual way. When satisfied a
configfile will be written and system
up and running. The backend is a combination of an ids system, with an
advanced honeypotdeamon,
lots of virtual filesystems and a log/abuse-function which can mail the
system administrator when
something suspicious happens"
Daniel
 By Date 
By Thread
Current thread:
- Honeypot/net IDS System Daniel Roth (Feb 22)
|
Intro
