Type: Posts; User: the_rooster; Keyword(s):
So I am riding on a plane early on a Monday morning traveling for work as I too often do. It's a small plane, 2x2 rows type deal....and my companion is a trench coat mafia wearing, shoot up the school...
Hello BT community. I’ve had some conversations a while back with some members about honeynets and Single Packet Auth mechanisms and I thought I’d share a console based Single Packet application I...
Hey >Dart>, don't see anything wrong with it right off the bat. Maybe I should review at an earlier hour and after less to drink :)
But another way to do it that I have had success with, you may...
I believe it kills the connection queue of the router as it has to handle the outbound connection attempt from your image running nmap and the inbound connection as it gets routed back from your now...
This is a good read..........
hxxp://beej.us/guide/bgnet/
I've seen some very nice Perl scripts that do in 5 lines what it takes 100 lines of Java to do. But for me, it just isn't documented as well as Java. If you are open to doing it in Java, it is very easy...
Hey KMDave,
hxxp://netresearch.ics.uci.edu/kfujii/jpcap/doc/download.html
These folks put out a great Java wrapper to libpcap that allows you to code a custom listener really quick and easy....
I am a DePaul alum as well.....MS in Software Engineering...and I would say it is a good choice. Their Distance Learning worked out very well for me. Between a full-time job, the kids, and the...
You would not need to have a UDP port open. With my application, as well as fwknop or cryptknock, or others you could read about on hxxp://www.portknocking.org/view/implementations .....they use a...
KMDave: I would share it, but I am actually in the process of trying to bring it to market (if there is one for this...at least have to try). I have done a number of things to try to scale this up to...
Yeah, it is like port knocking. It is also called single packet authorization. Basically I wrote a client side component that crafts a UDP packet with a pre-shared key and a timestamp that is...
I don't know if anyone else is interested, but if we are on the subject of custom firewalls I'd like to see if you are doing anything interesting or unique with your rule set. I have made a few...
I was actually looking into something along the same lines as sacowan. I would like to work remotely in a part-time capacity in the network security/pen testing world. I am a software developer by...
I found a rather simple script upon which to build at /etc/rc.d/rc.FireWall start|stop|status
I’m a big proponent of school. It certainly can’t teach you everything, and sometimes you’ll have to work hard to get a lot out of it. But it certainly helped me get involved in security. I’m a real...
If you have access to an ssh box somewhere else, you could connect to that ssh server through your buddy's AP and then tunnel all of your http traffic through that ssh connection by changing your...
I've only played around with it a little bit, but you can use Sebek for that. It's a client/server app designed to capture cmd.exe usage. The client gets installed on your w2k box and sends UDP packets...
There was a free product called Windows Forensics ToolChest that I was using to collect system info. I think they went commercial with it though. So I made my own script modeled after the way they did...
For the most part, I think it's going to depend on what you want to accomplish. You could tailor your honeynet to test any number of services/configurations and the vulnerabilities that come with...
I forgot, if you can get your hands on a hub instead of a switch, you should do so, cause with a hub you will be able to pick up traffic between your honeypot boxes.
Yeah, the tap is very cool. I had not appreciated the detectability of the bridge structure. I thought having no IP bought me more invisibility than it really does.
I changed jobs just a little...
I had not heard of a passive tap before reading this thread. Is there an advantage to using them over creating a bridge with bridge-utils?
Cormega, first off, honeynets are an awesome way to learn about security, hacking, and networking in general. I would be happy to share with you experiences and setup info.
I was using 3 NICs with...
I've had some experience setting up honeynets and the way I would suggest is to use one of your boxes as a bridge, with one NIC going to the internet and the other going to a switch or directly to...
I've used Sebek on Windows honeypots to log cmd line to a Linux box that was monitoring all the traffic. Worked pretty nice, they have a Linux client as well you can get at honeynet.org/tools/sebek/.