Honeypots: Re: Honey Pot Creation

Re: Honey Pot Creation

From: Jamie Riden <jamesr_at_europe.com>
Date: Mon, 14 Aug 2006 14:02:07 +1200

On 14/08/06, Brad Rubin <bsrubin_at_stthomas.edu> wrote:
> Deva,
>
> A honeypot can be any non-production system, so creating one can be
> as simple as getting a system set up with Windows or Linux while
> waiting for it to be attacked. The honeywall sits in between the
> honeypot and the network and helps with logging activities directed
> to or coming from the honeypot if it is compromised. It also helps
> limit the outgoing damage and associated liability if something does
> compromise the honeypot. And, the honeywall is designed to do this
> while trying to remain hidden from the outside.
>
> You can also create a series of honeypot systems and network that run
> virtually on a single system using some software called Honeyd.

nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
honeypot to start with. It emulates known Windows vulnerabilities and
catches quite a few different worms and bots.

A high-interaction honeypot is just some extra monitoring stuff (such
as the Roo honeywall) on top of a genuinely vulnerable system and
needs *constant* attention.

For a web-based honeypot, you could, e.g., install awstats, change the
version number to a vulnerable version (6.4 and below, I think) and
then get it indexed on search engines. (See
http://ghh.sourceforge.net/ for other ways of doing web-based stuff.)

The first reply concerns spam honeypots, which pretend to be open
relays or open SOCKS proxies, but actually throw away all the email
except the first test.

cheers,
 Jamie

-- 
Jamie Riden / jamesr_at_europe.com / jamie.riden_at_computer.org
NZ Honeynet project - http://www.nz-honeynet.org/
Received on Aug 14 2006