PaulDotCom mailing list archives
Deploying Honeypots for Home Network Monitoring
From: theconqueror at gmail.com (Brian Schultz)
Date: Sun, 08 Feb 2009 20:08:28 -0500
You might also want to take a look at the book Virtual Honeypots: From Botnet Tracking to Intrusion Detection. One of the authors wrote honeyd. A lot of the information you can find online, but the next time you're at a bookstore, thumb through it and maybe something will pop out at you.

http://www.amazon.com/Virtual-Honeypots-Tracking-Intrusion-Detection/dp/0321336321

Brian Gray wrote:
Instead of posting up a real Windows box, use something like Fake NetBIOS with honeyd instead.

http://www.darknet.org.uk/2007/06/fake-netbios-tool-simulate-windows-hosts/
http://www.honeyd.org/

Might be easier if you used something like a Cisco ASA and just dump the invalid traffic to a DMZ. If cost is an issue, perhaps something free like Cobia that supports multiple DMZ interfaces for free.

http://www.cisco.com/en/US/products/ps6120/
http://www.stillsecure.com/cobia/

On Tue, Dec 23, 2008 at 2:52 PM, <infolookup at gmail.com> wrote:

Thanks everyone for the great input, keep them coming. This is the setup I am thinking about: Currently I have a FW. I will connect a second FW (Smoothwall or Astaro) from the DMZ interface of the first FW, then connect a Cisco 2900 switch to an interface on the second FW, then connect the Honeypot to that switch. It would be nice to hear how others are setting up their labs.

------Original Message------
From: Aa'ed Alqarta
To: infolookup at gmail.com
To: PaulDotCom Security Weekly Mailing List
Sent: Dec 23, 2008 12:51 PM
Subject: Re: [Pauldotcom] Deploying Honeypots for Home Network Monitoring

I used to NAT all nasty traffic coming to my FW to a box running Nepenthes and monitor it. Running un-patched Windows is much better because you get the real stuff. Make sure to secure them by a FW or get a separate DSL line.

On Tue, Dec 23, 2008 at 4:47 PM, <infolookup at gmail.com> wrote:

Hello All: I have been doing some brief research on Honeypots and Botnets after looking at my Firewall logs and noticing a few specific IP addresses that try to attack my network around the clock. This has caused me to look into a test environment where I could better monitor these activities. Any and all suggestions are welcomed.
Sent from my Verizon Wireless BlackBerry

--
Do It Securely or Not At All
http://extremesecurity.blogspot.com

--
-Brian W. Gray

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com