Thread: Honeynet project status thread

  1. #1
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    Honeynet project status thread

    OK, so I finally got the thing going and decided it was best to create a thread dedicated to the status of my project and keep the other one going as a Q&A thread.

    Right now I've just deployed a virtual honeynet using VMware Workstation consisting of one unpatched Windows 2000 Professional guest and one Honeywall guest.

    As it is just launched, there's nothing to report yet, but I will keep you posted about whatever I might find interesting. Stay tuned.

    Also I'd appreciate all support & traffic to my blog, The Honeyproject


    EDIT: Windows 2000 Pro unpatched was a hilarious little experiment which got infected by thousands of worms in a matter of minutes. That project was scrapped within hours and I moved on to a Windows 2003 x64 enterprise on and Honeywall, still under VMWare.

  2. #2
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    You may also want to look at nepenthes http://nepenthes.mwcollect.org/download bit over my head but..

  3. #3
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    Yeah, I'll try to look into that, but I gotta take it one step at a time, so it'll probably take a while.

  4. #4
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Let me know if you get into it. There is a site that tracks the bins, but you have to be a member and I never could get anywhere with it .. basically if you could rev the code then you got the latest bleeding 0day malware and that's no good for skids

    I also watched this a while back .. also search videos for malware and honeypots, you get some crazy ideas

    http://video.google.com/videoplay?do...57023578163321
    http://video.google.com/videoplay?do...42832546263615

  5. #5
    Senior Member lund99's Avatar
    Join Date
    Feb 2010
    Posts
    142

    Quote Originally Posted by operat0r View Post
    Let me know if you get into it. There is a site that tracks the bins, but you have to be a member and I never could get anywhere with it .. basically if you could rev the code then you got the latest bleeding 0day malware and that's no good for skids

    I also watched this a while back .. also search videos for malware and honeypots, you get some crazy ideas

    http://video.google.com/videoplay?do...57023578163321
    http://video.google.com/videoplay?do...42832546263615
    I think that it might be a bit out of my league for the moment. But I will definitely look into it once I get a better understanding of the different topics involved with honeynets.

    Thanks for the idea though, operat0r, and I will check out those vids in a little while..


    I actually ditched my entire honeynet yesterday. It turned out that monitoring an unpatched W2K machine was no fun, as it got compromised by worms etc. in about three minutes.

    I actually tried to do a fresh W2K install and just go straight to Windows Update to get it patched & protected, and it still got compromised before the first patch had begun downloading.

    Therefore I'm moving on to a little more complex set-up.

    To give you the basics of my new honeynet, it will look something like this (keep in mind these are all VMware machines):

    First of all I got the honeywall to monitor and log, and if necessary - control the amount of data which is able to leave the honeypot.

    The honeypot I'm about to implement now is a W2003 x64 enterprise, fully patched and updated.

    Also, I'm considering putting one last box into the mix - this time I want a Linux box of some sort and I want it to be vulnerable to exploits etc but I don't want it to be open for worm traffic etc (which I suspect won't be as big of an issue with Linux as it was with w2k anyway).. But since I'm not sure what distro and which version to use here, I was hoping you guys had some suggestions for me?


    Anyway, be sure to follow my blog The HoneyProject as this is where I will post most of the info regarding my honeynet, the data captured, screens etc..

    I will naturally keep this thread moving as well, but it is easier to publish it all in one location so that is why I decided to start a blog in the first place.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Hey, I just happened across this: http://www.snort.org/dl/contrib/patc...it_and_switch/

    thought you might be interested in it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
