RE: High interaction Windows Honeypot

Erm, Is NOT the 3.0 integration.

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com

This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this message.

> -----Original Message-----
> From: Michael A. Davis [mailto:mike_at_datanerds.net]
> Sent: Monday, August 08, 2005 9:40 PM
> To: 'Stejerean, Cosmin'; 'Thorsten Holz'; honeypots_at_securityfocus.com
> Subject: RE: High interaction Windows Honeypot
>
> Yes, I am. It is pretty much finished. The problem is the new
> 3.0 integration (i.e. roo) it is all the other features.
> Also, there are some licensing questions that I am currently
> investigating before releasing it.
>
> Thanks,
> Michael A. Davis
> Chief Executive Officer
> Savid Technologies, Inc.
> Main: 708.243.2850
> http://www.savidtech.com
>
> This email may contain confidential and privileged
> information for the sole use of the intended recipient. Any
> review or distribution by others is strictly prohibited. If
> you are not the intended recipient, please contact the sender
> and delete all copies of this message.
>
> > -----Original Message-----
> > From: Stejerean, Cosmin [mailto:cosmin_at_cti.depaul.edu]
> > Sent: Monday, August 08, 2005 11:49 AM
> > To: Thorsten Holz; honeypots_at_securityfocus.com
> > Subject: RE: High interaction Windows Honeypot
> >
> > Is anyone working on a Sebek3 program for Windows?
> >
> > Cosmin
> >
> > -----Original Message-----
> > From: Thorsten Holz [mailto:thorsten.holz_at_mmweg.rwth-aachen.de]
> > Sent: Monday, August 08, 2005 11:07 AM
> > To: honeypots_at_securityfocus.com
> > Subject: Re: High interaction Windows Honeypot
> >
> > Ahmed Ameen wrote:
> > > Hello All,
> > > I am currently planning for my CS thesis which I decided to do on
> > > Windows Honeypots. I was wondering if anyone has experience on
> > > building a high interaction honeypot using a windows
> > environment and
> > > VMware.
> >
> > Some experience from me and the German Honeynet Project:
> >
> > * For the Honeywall, the easiest way to setup is the
> Honeywall CDROM
> > Roo (http://www.honeynet.org/tools/cdrom/).
> > This is Linux-based, but that should be no big problem. Just boot a
> > computer with three interfaces (two also works, but for
> management a
> > dedicated interface is best) and within 20 minutes your are done.
> > Customization is very easy and the web-interface allows you
> to monitor
> > what's going on. If you really need it, you can also install the
> > Honeywall "by Hand", but that's rather time-consuming...
> >
> > * Unfortunately, no Sebek version 3.x exists for Windows yet.
> > It is in development, but not ready up to now. So you have to use
> > Sebek version 2.x
> > (http://www.honeynet.org/tools/sebek/2/sebek-win32-2.1.5.zip).
> > Just install Windows and you are basically done. If you
> don't apply
> > some patches, a default installation of Windows will be
> compromised by
> > a bot in an automated way within several minutes...
> >
> > * If you want to setup a virtual honeynet, just follow the steps
> > outlined in the paper "Virtual Honeynet: Deploying Honeywall using
> > VMware"
> > (http://www.honeynet.org.pk/honeywall/) written by the Pakistan
> > Honeynet Project.
> >
> > Cheers,
> > Thorsten
> >
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Anti-Virus.
> > Version: 7.0.338 / Virus Database: 267.10.2/65 - Release
> > Date: 8/7/2005
> >
> >
>
>
Received on Aug 09 2005