Honeypots mailing list archives
RE: Data Capture and Data Control
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Thu, 13 Mar 2003 01:48:30 -0500
If I read this right, you're seeing scans from _YOUR_ honeypots, correct? Are you generating traffic from your honeypots? I've seen this when attempting to download various packages and when I hit a website, all those packets.. spp_portscan2 will see them as a portscan originating from my honeypots.

Like Rob stated, a pcap or ascii dump of the packets/alerts would be helpful.

Cheers,
Alberto Gonzalez

-----Original Message-----
From: yoshi03j () mac com [mailto:yoshi03j () mac com]
Sent: Wednesday, March 12, 2003 5:03 PM
To: SND13571 () nifty com
Cc: honeypots () securityfocus com
Subject: Data Capture and Data Control

Hello,

I'm interested in Honeypots, especially Virtual honeynets with VMware. I am trying to make a virtual honeynet. I refer to Know Your Enemy: Learning with VMware and modified "rc.firewall", and am now starting operation in a lab.

Now I have some questions. First, the script rc.firewall gives the interfaces br0 and eth0 no IP addresses and sets them to 0.0.0.0, so our host OS doesn't have any IP address, and I cannot do Data Capture for ONLY our honeypot.

Also, I have another IDS machine in a lab network, and I can notice some scans for our honeypot's IP address and other machine's honeypot. But TCPFLOW on our Honeypot's host OS doesn't capture ONLY the IP address of the honeypot.

Please give me some advice and tell me why I need to make the honeypot and bridge have no IP address. I do want to get data of HONEYPOT.

Regards,
Yoshihiro Shibuya (SND13571 () nifty com) (griffinmh () yahoo co jp)