On Sat, 17 Sep 2011 19:14:06 +0800
William Kenworthy <billk@×××××××××.au> wrote:

> I am looking at using a honeypot for a research project - need to put
> something "safe" to attract packets, scans etc. I was thinking of a
> heavily stripped gentoo vm (in virtualbox) running honeyd, but the
> ebuild for honeyd is looking like it's getting quite old - according to
> the honeyd website it's 2007-05-27.
>
> Is there an alternative? I need to dump raw packets (pcap format)
> from an unprotected network connection but don't want to risk getting
> actually "hacked".

backtrack.

Awesome tool. Our risk and pentest guys use it lots with honeypots
scattered all over the network, most of them serving no other purpose
than to catch my team out so we owe them lots of beer :-)

Seriously though, it comes up as a full distro so runs in a VM nicely
and is designed to be a security tool. The plumbing you need to
not give away that something in a honeypot is already in place. I
consider this to be much better than most efforts we'd make to roll our
own

--
Alan McKinnon
alan.mckinnon@×××××.com