Honeypots: Re: Honey Pot Creation

From: Dev Anand <deva.security_at_gmail.com>
Date: Tue, 15 Aug 2006 20:26:52 +0530

Dear List members,

Thank you all for your valuable suggestions.

I have started looking at honeyd and nepenthes howtos.

Thanks once again.

Regards
-Deva

On 8/14/06, Jamie Riden <jamesr_at_europe.com> wrote:
> On 14/08/06, Brad Rubin <bsrubin_at_stthomas.edu> wrote:
> > Deva,
> >
> > A honeypot can be any non-production system, so creating one can be
> > as simple as getting a system set up with Windows or Linux while
> > waiting for it to be attacked. The honeywall sits in between the
> > honeypot and the network and helps with logging activities directed
> > to or coming from the honeypot if it is compromised. It also helps
> > limit the outgoing damage and associated liability if something does
> > compromise the honeypot. And, the honeywall is designed to do this
> > while trying to remain hidden from the outside.
> >
> > You can also create a series of honeypot systems and network that run
> > virtually on a single system using some software called Honeyd.
>
> nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
> honeypot to start with. It emulates known Windows vulnerabilities and
> catches quite a few different worms and bots.
>
> A high-interaction honeypot is just some extra monitoring stuff (such
> as the Roo honeywall) on top of a genuinely vulnerable system and
> needs *constant* attention.
>
> For a web-based honeypot, you could, e.g. install awstats, change the
> version number to a vulnerable version (6.4 and below I think) and
> then get it indexed on search engines. (see
> http://ghh.sourceforge.net/ for other ways of doing web-based stuff).
>
> The first reply concerns spam honeypots, which pretend to be open
> relays, or open SOCKS proxies but actually throw away all the email
> except the first test.
>
> cheers,
> Jamie
> --
> Jamie Riden / jamesr_at_europe.com / jamie.riden_at_computer.org
> NZ Honeynet project - http://www.nz-honeynet.org/
>
Received on Aug 15 2006
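
The relay-or-discard decision made by a spam honeypot of the kind mentioned in the quoted reply, as an added example that is not part of the original thread. Counting the "first test" per client IP is an assumption, and all names, addresses and SMTP lines are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

ADDR = re.compile(r"<([^>]*)>")

def parse_session(lines):
    """Pull envelope sender, recipients and body out of client-side SMTP lines."""
    sender, rcpts, body, in_data = None, [], [], False
    for line in lines:
        if in_data:
            if line == ".":                      # end-of-data marker
                in_data = False
            else:                                # undo SMTP dot-stuffing
                body.append(line[1:] if line.startswith(".") else line)
            continue
        m = ADDR.search(line)
        verb = line.upper()
        if verb.startswith("MAIL FROM:") and m:
            sender = m.group(1)
        elif verb.startswith("RCPT TO:") and m:
            rcpts.append(m.group(1))
        elif verb == "DATA":
            in_data = True
    return sender, rcpts, "\n".join(body)

@dataclass
class RelaySink:
    seen_clients: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def handle(self, client_ip, lines):
        """Return 'relay' for a client's first message, 'discard' for the rest."""
        sender, rcpts, body = parse_session(lines)
        if not rcpts:                            # no envelope: nothing to decide
            return "ignore"
        # Assumption: the "first test" is counted per client IP.
        action = "discard" if client_ip in self.seen_clients else "relay"
        self.seen_clients.add(client_ip)
        # Every message is logged, including the ones that are thrown away.
        self.log.append({"client": client_ip, "from": sender, "rcpts": rcpts,
                         "body_bytes": len(body), "action": action})
        return action

# Constructed sample sessions (documentation addresses only).
TEST_PROBE = ["HELO probe", "MAIL FROM:<a@example.net>",
              "RCPT TO:<check@example.org>", "DATA", "relay test", ".", "QUIT"]
BULK_RUN = ["HELO bulk", "MAIL FROM:<a@example.net>"] + [
    f"RCPT TO:<user{i}@example.com>" for i in range(3)] + [
    "DATA", "..leading dot line", "offer text", ".", "QUIT"]
```

The sink would answer 250 OK to the client in both cases, so from outside the relay looks open while only the log grows.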
