Friday, August 8, 2008

quick update

OK, just to give you an impression of what a Snort incident looks like when you review it from the Honeywall Walleye GUI.

What you see here is nothing special, just an automated SQL worm attempt, logged by the Snort instance that is built into Honeywall.
There are several sub-features in this menu: you can download the flow as a .pcap file to analyze in Wireshark, or drill further into the Snort alert data.
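As an added example (not code from the post, Honeywall or Walleye), here is the kind of first pass I would run over a flow .pcap downloaded from Walleye before opening it in Wireshark: a minimal libpcap reader plus an Ethernet/IPv4/TCP/UDP decoder that summarizes packets and payload bytes per 5-tuple. The post does not include its capture, so the sample pcap at the bottom is constructed inline; the UDP/1434 probe is only an assumption about the shape of the "SQL worm" traffic, and its payload is a placeholder, not real worm bytes.

```python
"""Offline triage of a libpcap flow file: packets and bytes per 5-tuple.
Added example, not part of the original post or the Honeywall project."""
import struct

DLT_EN10MB = 1  # Ethernet link type in the pcap global header


def parse_pcap(data: bytes):
    """Yield (timestamp, frame_bytes) for every record in a classic libpcap byte string."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic libpcap file (magic %#x)" % magic)
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled here")
    off = 24  # size of the global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_frame(frame: bytes):
    """Return (proto, src, sport, dst, dport, payload) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = 14 + ihl
    min_hdr = 20 if proto == 6 else 8
    if proto not in (6, 17) or len(frame) < l4 + min_hdr:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    hdr_len = (frame[l4 + 12] >> 4) * 4 if proto == 6 else 8  # TCP data offset or fixed UDP header
    return ("tcp" if proto == 6 else "udp", src, sport, dst, dport, frame[l4 + hdr_len:])


def summarize_flows(data: bytes):
    """Count packets and payload bytes per (proto, src, sport, dst, dport), with first/last timestamps."""
    flows = {}
    for ts, frame in parse_pcap(data):
        d = decode_frame(frame)
        if d is None:
            continue
        entry = flows.setdefault(d[:5], {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        entry["packets"] += 1
        entry["bytes"] += len(d[5])
        entry["last"] = ts
    return flows


# ---- constructed sample capture (stand-in for the pcap downloaded from Walleye) ----

def _ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return ~s & 0xFFFF


def build_frame(proto: int, src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    """Ethernet/IPv4 frame carrying a UDP datagram or a TCP SYN (L4 checksum left 0; decoder does not validate it)."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0, 64, proto, 0, ip_src, ip_dst)
    ip = ip[:10] + struct.pack("!H", _ip_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4


def build_pcap(frames, base_ts: int = 1218182400) -> bytes:
    """Little-endian libpcap file; one record per frame, one second apart (timestamps are made up)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", base_ts + i, 0, len(f), len(f)) + f
    return out


PROBE = b"\x04" + b"\x01" * 60  # placeholder UDP/1434 payload, not real worm bytes (assumption)
SAMPLE_PCAP = build_pcap([
    build_frame(17, "192.0.2.10", 1056, "203.0.113.5", 1434, PROBE),
    build_frame(17, "192.0.2.10", 1056, "203.0.113.5", 1434, PROBE),
    build_frame(6, "198.51.100.7", 40022, "203.0.113.5", 1433, b""),
    build_frame(17, "192.0.2.10", 1056, "203.0.113.5", 1434, PROBE),
])

if __name__ == "__main__":
    for key, st in sorted(summarize_flows(SAMPLE_PCAP).items()):
        proto, src, sport, dst, dport = key
        print(f"{proto} {src}:{sport} -> {dst}:{dport}  pkts={st['packets']} "
              f"bytes={st['bytes']} dur={st['last'] - st['first']:.0f}s")
```

To use it on a real download, replace `SAMPLE_PCAP` with `open("flow.pcap", "rb").read()`; the per-flow packet count and byte volume are usually enough to tell a repeating single-packet worm probe from an interactive session before you spend time in Wireshark.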

So far this is the only traffic I have seen as well, and it will probably remain like this for a little while.
I will keep updating regularly as I learn more about the usage of Honeywall, Snort and Walleye. Hopefully I will, in the end, be able to release a complete guide showing how to set up a virtual honeynet and analyze its data.


But that little project will probably take its time as I want to learn as much as possible on my own before I start writing any guides :p
