Tuesday, August 5, 2008

Setbacks & Progress

OK, so my HDD totally crashed at the worst possible time last week and I haven't had the time to work any more on the project.

On the other hand, though, Lance Spitzner from www.honeynet.org tipped me off about their mailing list, which I joined instantly, and I have received a lot of useful tips from the users there already.

Now my plan is to implement a complete honeynet on one machine using VMware ;)

Since I got the W2K VM host all ready and installed, I need to install Honeywall as a VM on the same host machine, get the config right and hopefully I can get this thing up and running soon :)

Friday, August 1, 2008

...or not

Great, just when I was putting the finishing touch on my honeywall, the machine it is on had a disk error (!!!) and is more or less useless now.

It's hard to say what happened, but after rebooting the Honeywall machine, the disk started making some really disturbing noises on Linux boot and it never completed the boot. It just stopped after a ton of block errors.

I still have the honeypot ready but without data capture and data control it is more or less useless to put it online at this moment.

I was really hoping to put the honeypot online today, but now it seems as though I will have to wait a couple more days as I don't have the time to work on this project until Sunday at the soonest.

T Minus 15 hours and 40 minutes ... or something

Getting ready to launch the first honeypot which, as previously mentioned, will be a VM image of Windows 2000 Professional.

I will use Sebek to log keystrokes on the W2K box, Wireshark for traffic analysis and some freeware firewall to block incoming and outgoing traffic on certain ports to avoid worm traffic etc.

In addition, I will also limit the amount of allowed outgoing traffic to ensure that the box can't be used to compromise other systems.

I will post the full details about the honeypot as soon as it is launched. Right now I gotta get some sleep before I continue my work.

Thursday, July 31, 2008

First post

This blog will follow my first attempt at creating a honeypot. Hopefully it will turn out to be a success and I can move on to creating and managing entire honeynets and keep posting results and related info here.

For those who don't know, a honeypot is a machine or system designated to attract nefarious traffic towards itself to help analyze different attack methods and to gain more knowledge about the methods used to gain access to and exploit different computer systems.

I know this is a very basic explanation and I won't go too far into the specifics of what a honeypot or a honeynet is on this blog. In my future posts I will assume that my readers are familiar with the terms and the functions of these.

If you are unfamiliar with the terms honeynet or honeypot, I suggest you take some time to search for more info on them on Google and Wikipedia. You should be able to find all the info needed there in a matter of minutes.

My intention behind this blog is to easily share the knowledge I gain from this project with anyone who might be interested.

As a beginner within the honeynet field of IT security, I will share both the process of creating honeypots and honeynets and the evolution of these once I put them online.

At the current moment I am working on my first honeypot and I will post status updates and other relevant info here regularly.

The honeypot I am about to implement is a virtual one set up with VMware. The OS I am beginning with is an unpatched version of Windows 2000.