Wednesday, August 6, 2008

up & running !! :D

Ahhh, I finally got a virtual honeypot working fine using a host machine with VMware and one Windows 2000 Professional guest machine and one Honeywall guest machine.

With Sebek installed on my W2K machine I will be able to silently log any activity (keystrokes, file uploads, etc.) performed by persons who have illegally gained access to my virtual honeypot.

Setting up a W2K machine in VMware is pretty simple if you have used a computer for more than a week; just get VMware and a W2K CD and you'll have a highly vulnerable honeypot in minutes :)

The Honeywall on VMware part, however, turned out to be a bit more tricky. The initial set-up after install was a bit too confusing for me and I messed it up quite a few times before I finally managed to get it right.

The mailing list for the Honeywall project ended up saving me, and there are plenty of intelligent and experienced users there, so that is a good tool to use if you are planning to deploy a Honeywall of your own.

As we speak my W2K box is out in the wild waiting to get taken over, and I will keep posting status info here as things evolve :)

The only annoying thing I still haven't got working quite yet is the Walleye feature of the Honeywall, which is an HTTP GUI interface for the data output you will gain from your honeypot, but I'm guessing I'll be able to sort that out in a few days.

