Dev,
Worth a read when getting started with honeypots are:
The Honeynet Project books
http://www.amazon.com/gp/product/0321166469/sr=8-1/qid=1155810395/ref=pd_bbs_1/104-2156992-8800761?ie=UTF8
http://www.amazon.com/gp/product/0321108957/sr=1-1/qid=1155810448/ref=pd_bbs_1/104-2156992-8800761?ie=UTF8&s=books
Roger Grimes's "Honeypots for Windows" book:
http://www.amazon.com/gp/product/1590593359/sr=1-2/qid=1155810484/ref=sr_1_2/104-2156992-8800761?ie=UTF8&s=books
And I'd take a look at existing low and high interaction honeypot solutions:
http://www.securitywizardry.com/honeypots.htm
Most are pretty straightforward to test and experiment with in a lab.
Hopefully these links should be enough to get you started, good luck!
Thanks,
David
Dev Anand wrote:
> Dear List members,
>
> Thank you all for your valuable suggestions.
>
> I have started looking at honeyd and nepenthes howtos.
>
> Thanks once again.
>
> Regards
> -Deva
>
> On 8/14/06, Jamie Riden <jamesr_at_europe.com> wrote:
>> On 14/08/06, Brad Rubin <bsrubin_at_stthomas.edu> wrote:
>> > Deva,
>> >
>> > A honeypot can be any non-production system, so creating one can be
>> > as simple as getting a system set up with Windows or Linux while
>> > waiting for it to be attacked. The honeywall sits in between the
>> > honeypot and the network and helps with logging activities directed
>> > to or coming from the honeypot if it is compromised. It also helps
>> > limit the outgoing damage and associated liability if something does
>> > compromise the honeypot. And, the honeywall is designed to do this
>> > while trying to remain hidden from the outside.
>> >
>> > You can also create a series of honeypot systems and network that run
>> > virtually on a single system using some software called Honeyd.
>>
>> nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
>> honeypot to start with. It emulates known Windows vulnerabilities and
>> catches quite a few different worms and bots.
>>
>> A high-interaction honeypot is just some extra monitoring stuff (such
>> as the Roo honeywall) on top of a genuinely vulnerable system and
>> needs *constant* attention.
>>
>> For a web-based honeypot, you could, e.g. install awstats, change the
>> version number to a vulnerable version (6.4 and below I think) and
>> then get it indexed on search engines. (see
>> http://ghh.sourceforge.net/ for other ways of doing web-based stuff).
>>
>> The first reply concerns spam honeypots, which pretend to be open
>> relays, or open SOCKS proxies but actually throw away all the email
>> except the first test.
>>
>> cheers,
>> Jamie
>> --
>> Jamie Riden / jamesr_at_europe.com / jamie.riden_at_computer.org
>> NZ Honeynet project - http://www.nz-honeynet.org/
>>
--
David Watson
UK Honeynet Project
www.ukhoneynet.org
david_at_honeynet.org.uk
Received on Aug 17 2006