Sweet! I got the WEB GUI running after getting some more help from the honeynet.org mailing list.
I submitted my question and 20 minutes later it was up and running and I could easily configure my Honeywall through a nice Web Interface which is way more intuitive than the old school one.
BUT after only about 20 minutes, the W2K box was flooded with worms, spyware and other pretty uninteresting stuff, so I decided to ditch the whole project as it was and start again - this time at a little higher level to avoid that whole worm/spyware crap.
For starters, a Windows 2000 Pro box will get compromised by worm and other automated traffic in about 3 minutes whether you surf online or not, and this is NOT what I am looking for at all. So because of this I decided to kick it up a notch and install a Win 2003 x64 enterprise edition as my honeypot. I will patch it with the latest available Microsoft updates and install some services like IIS and perhaps SQL.
In addition to this, I want to add some sort of Linux box to the mix with some vulnerable services (I'm hoping that the Linux boxes won't attract so much automated worm traffic).
I have now learned how to configure the Honeywall under VMware, set it up as a bridge for other VMware machines and get the Web GUI running.
Therefore I'm guessing this set-up will be complete within a day or two and when it is done I will finally have a honeypot which has a level of security that will exclude the risk of getting flooded with worm traffic but still will look appealing to anyone who might be interested in doing some damage.
I'm sorry that I don't have any screens of the Honeywall and how the GUI looked when it was monitoring the W2K box, but if you give me some time now I will give you everything you desire and more :) plus, it will be much more interesting to analyze the actions performed by an actual person as opposed to the automated traffic from worms etc...
Showing posts with label honeywall. Show all posts
Thursday, August 7, 2008
Tuesday, August 5, 2008
Setbacks & Progress
OK, so my HDD totally crashed at the worst possible time last week and I haven't had the time to work any more on the project.
On the other hand, though, Lance Spitzner from www.honeynet.org tipped me off about their mailing list, which I joined instantly, and I have received a lot of useful tips from the users there already.
Now my plan is to implement a complete honeynet on one machine using VMware ;)
Since I got the W2K VM host all ready and installed, I need to install Honeywall as a VM on the same host machine, get the config right and hopefully I can get this thing up and running soon :)