Building a Honeypot...

 
 
obtix
Guest
Posts: n/a
 
      01-12-2005
I am building a Honeypot for my college to use in the near future. The
system is already built and is about an avg. desktop PC, the system is
and must be running Linux (I have already configured a very dependable
Debian 3.1 box running kernel 2.6.10). Now what I need:
I need the Honeypot to be able to emulate various Windows systems as
well as Linux, Unix, and Mac OSX systems. Logging is key but more
importantly it needs to be stable and be able to handle attacks on the
emulated OSs without crashing the Debian system.
I have looked into two solutions so far, one I threw out instantly
and the other (which I was leaning towards) is having many install
problems (honeyd - honeyd.org). Any help, suggestions, ideas?

 
donnie
Guest
Posts: n/a
 
      01-12-2005
On 11 Jan 2005 16:35:30 -0800, "obtix" <(E-Mail Removed)> wrote:

>I am building a Honeypot for my college to use in the near future. The
>system is already built and is about an avg. desktop PC, the system is
>and must be running Linux (I have already configured a very dependable
>Debian 3.1 box running kernel 2.6.10). Now what I need:
>I need the Honeypot to be able to emulate various Windows systems as
>well as Linux, Unix, and Mac OSX systems. Logging is key but more
>importantly it needs to be stable and be able to handle attacks on the
>emulated OSs without crashing the Debian system.
>I have looked into two solutions so far, one I threw out instantly
>and the other (which I was leaning towards) is having many install
>problems (honeyd - honeyd.org). Any help, suggestions, ideas?

##############################
I just went to www.honeypot.com
and here's what I found:

This site is defaced!!!
--------------------------------------------------------------------------------
NeverEverNoSanity WebWorm generation 21.

You might find some honeypot info at:
http://www.honeynet.org/

http://www.maconlinux.org/
There is something about Mac on Linux

http://www.winehq.com/
Windows emulation.

I don't know about the Unix emulator. You didn't mention what the
install problems are.
donnie.

 
obtix
Guest
Posts: n/a
 
      01-12-2005
Well, that's kinda funny at honeypot.com... When I mean emulation I
don't mean those actual OS's are running - honeyd is supposed to
emulate them in scripts. A script will, for example, in a Linux system
cause it to appear as a Windows system from the other end of the network.

 
donnie
Guest
Posts: n/a
 
      01-12-2005
On 11 Jan 2005 17:54:01 -0800, "obtix" <(E-Mail Removed)> wrote:

>Well, that's kinda funny at honeypot.com... When I mean emulation I
>don't mean those actual OS's are running - honeyd is supposed to
>emulate them in scripts. A script will, for example, in a Linux system
>cause it to appear as a Windows system from the other end of the network.

##########################
In other words, you're trying to fool anyone who is trying to
fingerprint the server. If your honeypot is acting as a web server
and I use www.netcraft.com to see what your server is running, it's
only going to give me one current answer. I don't know if you can
fool it. Of course, there are other ways to fingerprint the server.
One is by ICMP responses, as shown at:
http://www.sys-security.com/html/projects/X.html
Others are by a query to the TCP/IP stack
http://www.insecure.org/nmap/nmap-fi...g-article.html

Do a google search for OS fingerprinting.
donnie

I suggest that you read some docs on
 
obtix
Guest
Posts: n/a
 
      01-12-2005
That is how honeyd does it... using fingerprint responses (actually if I
am not mistaken they are the same responses from nmap). I really want
to use honeyd because of the features but it won't install correctly.
It is nice because I can make a whole virtual network inside of one
machine and that machine can have a different IP and MAC for each OS it
emulates. There is also the Honeynet CDROM from the Honeynet Project...
This works awesome as it is but is a bootable CD. I need a more secure
solution being this is going to be used on a college network.
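
Added example, not part of the original post and not honeyd's own code: a small Python generator for the kind of honeyd setup described above, with one template, IP and MAC per emulated OS. Host names, addresses, MACs and ports are constructed, and the personality strings are assumed to exist in the nmap.prints file installed with honeyd.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

# Constructed inventory: names, addresses, MACs and ports are illustrative.
# Personality strings are assumed to match entries in honeyd's nmap.prints.
HOSTS = [
    {"name": "winxp", "personality": "Microsoft Windows XP Professional SP1",
     "ip": "10.10.0.11", "mac": "00:0c:29:11:22:33", "tcp_open": [135, 139, 445]},
    {"name": "linuxweb", "personality": "Linux 2.4.20",
     "ip": "10.10.0.12", "mac": "00:0c:29:44:55:66", "tcp_open": [22, 80]},
]

def render_honeyd_config(hosts):
    """Return honeyd config text with one template, IP and MAC per host."""
    seen = {"name": set(), "ip": set(), "mac": set()}
    lines = []
    for h in hosts:
        name, mac = h["name"], h["mac"].lower()
        ip = str(ipaddress.IPv4Address(h["ip"]))  # ValueError if malformed
        if not NAME_RE.fullmatch(name) or not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad template name or MAC: {name} {mac}")
        if '"' in h["personality"]:
            raise ValueError(f"quote in personality for {name}")
        # A name, IP or MAC reused across hosts is a configuration error.
        for key, value in (("name", name), ("ip", ip), ("mac", mac)):
            if value in seen[key]:
                raise ValueError(f"duplicate {key}: {value}")
            seen[key].add(value)
        lines += [
            f"create {name}",
            f'set {name} personality "{h["personality"]}"',
            f'set {name} ethernet "{mac}"',
            # Closed by default; only the listed TCP ports answer as open.
            f"set {name} default tcp action reset",
            f"set {name} default udp action reset",
        ]
        for port in sorted(set(h["tcp_open"])):
            if not 0 < port < 65536:
                raise ValueError(f"bad port for {name}: {port}")
            lines.append(f"add {name} tcp port {port} open")
        lines += [f"bind {ip} {name}", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_honeyd_config(HOSTS))
```
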

 
donnie
Guest
Posts: n/a
 
      01-13-2005
On 12 Jan 2005 09:57:06 -0800, "obtix" <(E-Mail Removed)> wrote:

>That is how honeyd does it... using fingerprint responses (actually if I
>am not mistaken they are the same responses from nmap). I really want
>to use honeyd because of the features but it won't install correctly.
>It is nice because I can make a whole virtual network inside of one
>machine and that machine can have a different IP and MAC for each OS it
>emulates. There is also the Honeynet CDROM from the Honeynet Project...
>This works awesome as it is but is a bootable CD. I need a more secure
>solution being this is going to be used on a college network.

########################
I just looked at my FreeBSD box and honeyd is in the ports collection.
I didn't install it since I don't need a honeypot. In any event, we
might be able to get you through the install problems. Are they
dependency problems? What error messages are you getting? Search the
error messages on google. That has helped me a lot.
donnie.
 
obtix
Guest
Posts: n/a
 
      01-13-2005
Actually I got it installed... I've even gotten it working (since my
first message, I was one of the first to use the new version there was
a SMALL problem in a Perl dep.). The main problem is that this is my
last semester now... I need something that will be easy for me to pass
down the line when I'm gone. Once the script is set up I feel it won't
be too bad but I was looking for other options - maybe a menu system.
Also, I have since heard about something called S.P.A.N.K; I think that
this might provide a Java-based X interface for the person running the
honeypot.

 
sh4d03
Guest
Posts: n/a
 
      01-13-2005
obtix wrote:
> Actually I got it installed... I've even gotten it working (since my
> first message, I was one of the first to use the new version there was
> a SMALL problem in a Perl dep.). The main problem is that this is my
> last semester now... I need something that will be easy for me to pass
> down the line when I'm gone. Once the script is set up I feel it won't
> be too bad but I was looking for other options - maybe a menu system.
> Also, I have since heard about something called S.P.A.N.K; I think that
> this might provide a Java-based X interface for the person running the
> honeypot.
>


Obtix, would you mind if I E-mailed you? I'm VERY interested in setting
up a honeynet - am actually thinking of starting it tonight. Just want
to contact you and get you to share your thoughts on what my options are
and what would best serve what I want to do.

If you would prefer me to contact you on another Email address which you
don't wish to publish here just follow the instructions below to contact me.

Thanks in advance,

Sh4d03

--
If you require more assistance or if my suggestion works please E-mail me at
sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
assistance to me and wish to E-mail me directly please also feel free to
contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
in the subject line. Please pay attention to the capitalisation. Emails sent
to the above address which do NOT contain "Newsgroup_sh4d03" in the
subject line will fail to reach me.
Thanks,
Sh4d03
 
donnie
Guest
Posts: n/a
 
      01-13-2005
On 12 Jan 2005 23:09:16 -0800, "obtix" <(E-Mail Removed)> wrote:

>Actually I got it installed... I've even gotten it working (since my
>first message, I was one of the first to use the new version there was
>a SMALL problem in a Perl dep.). The main problem is that this is my
>last semester now... I need something that will be easy for me to pass
>down the line when I'm gone. Once the script is set up I feel it won't
>be too bad but I was looking for other options - maybe a menu system.
>Also, I have since heard about something called S.P.A.N.K; I think that
>this might provide a Java-based X interface for the person running the
>honeypot.

#########################
I'm glad it's installed. I just don't know what you mean by pass down
the line. You mentioned that it's your last semester. Apparently,
it's a school project. Does your grade depend on what you leave for
the next class? I don't know what scripts are needed. You shouldn't
have to provide an X based interface for the next crew. That should be
their problem.
donnie
 
obtix
Guest
Posts: n/a
 
      01-14-2005
Yeah, it would be great to have some more input as well as assist you
with anything. Email me at (E-Mail Removed). I am on a small vacation
for the weekend but will be using the web-based stuff to check it on a
daily basis.

 