Honeypots: Re: Honeyclients info

[Thorsten Holz <thorsten.holz () mmweg rwth-aachen de>]

Kathy Wang wrote:
> On Wed, Apr 20, 2005 at 07:20:35PM -0500, David Jiménez Domínguez
> <djdsecurity () gmail com> stated:
> > but, does the idea is to do the scan by itself (like a spider) or 
> > while I'm using my web browser?
> While you could do it either way, I'm implementing mine as a spider.
Using the web browser would probably not scale since that can't be
automated that easily. If you do spidering, you can analyze many web
sites in parallel and also use IRC, P2P and other client-side honeypots
simultaneously...

> > Is it going to report the events to a centralized sever... (may be
> > a honeyserver)?
> Right now, there is no centralized server, but it could certainly be
> done that way.
Reporting the collected data to roo (next generation Honeywall) would be
a nice feature since data aggregation and data analysis could be done
their. This way, it would be easier to analyse what happened exactly...

Just my 0.02 Euro,
  Thorsten