Thread: honeypots .. any experience?

  1. #41
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    DOH'!!

    So this is my last day of work before going on a 14 day vacation.

    I was REALLY hoping to get the honeynet up and running by now but I've been somewhat busy and I have also met some challenges along the way which kinda messed up my timeframe.

    HOWEVER, I have completed a lot of the things that needed doing so when I get back from work, at least I won't have to do much to complete the first stage.

    For those of you who are interested, I found a great tutorial site which contains tutorials for setting up a bridge box with snort_inline etc...

    Check out www.openmaniak.com, they have a lot of different tutorials there which are quite simple to follow.

    As for me, I have bought THIS book and I hope to get through most of it during my vacation time.

    So even though I may have had to delay this project for a while now, I won't give it up.

    Stay tuned in about 2-3 weeks and I'll post more updates here and start a status thread for the honeypot once it's up and running.

  2. #42
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    Am I behind schedule or what?

    Well, just to keep you guys posted, I have NOT given up this project at all but I have had other things on my mind for the last couple of weeks.

    I am currently reading up on honeynets in a book called "Virtual Honeypots - from botnet tracking to intrusion detection" to make sure that I won't forget everything I've learned so far while I wait for the time to get back to work on this project.

    I will continue with status updates etc. once I'm back at it.

  3. #43
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    Between the two: BackTrack is 4, FwdTrack4
    Posts
    854

    Quote Originally Posted by BOFH139 View Post
    Here is a pre-built VMWare Honeyd on Fedora 7 to get you started:

    http://www.vmware.com/appliances/directory/1231

    Also I know it's not a honeypot but have a look at B.A.S.E & OSSIM, there was a long thread on here about it ~3-4 months ago. They are IDS systems and you could place them in front of your honeypot system.
    By "in front" you indicate an IPS system, when it works in inline mode, but an IDS can be placed anywhere because it will get a copy of each packet destined for an internal host, thus generating an alarm and taking action, such as request block or reset, based on action.

  4. #44
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    OK, after reading a book called Virtual Honeypots, I've somehow decided to start with a virtual honeypot :P

    I will launch this after 8 hours of sleep and a couple of hours more of work. I will start off with a VM image of a Win 2000 machine and I will log all traffic and keystrokes on the machine. I will also limit outgoing traffic and block a lot of the common ports both incoming and outgoing to avoid worm traffic to and from the honeypot.

    Once online I will create a thread in this sub forum and post the status, results etc and keep this thread going when it comes to issues regarding the implementation and set-up of honeypots..

    I have also created a blog for this project: The HoneyProject which will also be used to post info about this and other honeynet projects I will start in the future... at first I wanted to create a website, but I decided that it would be too much work to create and maintain so I went the easy route and got myself a blogspot

  5. #45
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    OK, so my HDD totally crashed at the worst possible time last week (if you read my blog you can see a more detailed description of the incident there) and I haven't had the time to work any more on the project until now.

    On the other hand, though, Lance Spitzner from www.honeynet.org tipped me about their mailing list which I joined instantly and I have received a lot of useful tips from the users there already.

    Now my plan is to implement a complete honeynet on one machine using VMWare

    Since I got the W2K VM host all ready and installed, I need to install Honeywall as a VM on the same host machine, get the config right and hopefully I can get this thing up and running soon

    I have also made some minor changes on my blog, with links both to this forum and to the remote exploit main site to raise awareness about this community and the BackTrack distro.

  6. #46
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by cormega View Post
    OK, so my HDD totally crashed at the worst possible time last week (if you read my blog you can see a more detailed description of the incident there) and I haven't had the time to work any more on the project until now.

    On the other hand, though, Lance Spitzner from www.honeynet.org tipped me about their mailing list which I joined instantly and I have received a lot of useful tips from the users there already.

    Now my plan is to implement a complete honeynet on one machine using VMWare

    Since I got the W2K VM host all ready and installed, I need to install Honeywall as a VM on the same host machine, get the config right and hopefully I can get this thing up and running soon

    I have also made some minor changes on my blog, with links both to this forum and to the remote exploit main site to raise awareness about this community and the BackTrack distro.
    If you have a choice of OS to run as a VMware session for your honeypot, you should choose something like Win98 or WinME.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #47
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    LOL, sorry I see I've mistyped the previous post a bit .. my host OS is XP but on that host I have set up a guest VM machine with an unpatched Windows 2000 Professional...

    But Win ME and 98 would most definitely be a good addition if I really want to attract some bad traffic

  8. #48
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    What you need to do is set it up so that if they get a remote shell they get this:

    http://www.computerbrains.com/ccs64/

  9. #49
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    Quote Originally Posted by streaker69 View Post
    What you need to do is set it up so that if they get a remote shell they get this:

    http://www.computerbrains.com/ccs64/
    hahaha, that would be sweet.. however, it wouldn't be the same without a live camera feed of the reaction of whoever maintains access and suddenly finds themselves in a C64 prompt

  10. #50
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    Ahhh, I finally got a virtual honeypot working fine using a host machine with VMWARE and one Windows 2000 Professional guest machine and one Honeywall guest machine.

    I will continue this thread to have a Q&A thread for honeypots and I'm about to create a status thread in this same sub forum as well.

    The project kinda ended up in me creating a blog about my honeypot attempts called "The Honeyproject" and I plan to keep it going and posted with relevant info, news and after a while I'll give a go at authoring some pretty thorough HOWTO's as well after gaining some more knowledge and experience about this particular topic

    So to follow my status you can either check out the thread I'm about to start or drop by my site once in a while.. (I'd appreciate some traffic)
