| 1 |
On Sat, 17 Sep 2011 19:14:06 +0800 |
| 2 |
William Kenworthy <billk@×××××××××.au> wrote: |
| 3 |
|
| 4 |
> I am looking at using a honeypot for a research project - need to put |
| 5 |
> something "safe" to attract packets, scans etc. I was thinking of a |
| 6 |
> heavily stripped gentoo vm (in virtualbox) running honeyd, but the |
| 7 |
> ebuild for honeyd is looking like its getting quite old - according to |
| 8 |
> the honeyd website its 2007-05-27. |
| 9 |
> |
| 10 |
> Is there an alternative? I need to dump raw packets (pcap format) |
| 11 |
> from an unprotected network connection but dont want to risk getting |
| 12 |
> actually "hacked". |
| 13 |
|
| 14 |
|
| 15 |
backtrack. |
| 16 |
|
| 17 |
Awesome tool. Our risk and pentest guys use it lots with honeypots |
| 18 |
scattered all over the network, most of them serving no other purpose |
| 19 |
than to catch my team out so we owe them lots of beer :-) |
| 20 |
|
| 21 |
Seriously though, it comes up as a full distro so runs in a VM nicely |
| 22 |
and is designed to be a security tool. The plumbing you need to |
| 23 |
not give away that something in a honeypot is already in place. I |
| 24 |
consider this to be much better than most efforts we'd make to roll our |
| 25 |
own |
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
Alan McKinnnon |
| 31 |
alan.mckinnon@×××××.com |
Archives