public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] What's a good honeypot?
From: William Kenworthy @ 2011-09-17 11:14 UTC
  To: Gentoo Users

I am looking at using a honeypot for a research project - need to put
something "safe" to attract packets, scans etc.  I was thinking of a
heavily stripped gentoo vm (in virtualbox) running honeyd, but the
ebuild for honeyd is looking like it's getting quite old - according to
the honeyd website it's 2007-05-27.

Is there an alternative?  I need to dump raw packets (pcap format) from
an unprotected network connection but don't want to risk getting actually
"hacked".

BillK

* Re: [gentoo-user] What's a good honeypot?
From: Alan McKinnon @ 2011-09-17 13:09 UTC
  To: gentoo-user

On Sat, 17 Sep 2011 19:14:06 +0800
William Kenworthy <billk@iinet.net.au> wrote:

> I am looking at using a honeypot for a research project - need to put
> something "safe" to attract packets, scans etc.  I was thinking of a
> heavily stripped gentoo vm (in virtualbox) running honeyd, but the
> ebuild for honeyd is looking like it's getting quite old - according to
> the honeyd website it's 2007-05-27.
> 
> Is there an alternative?  I need to dump raw packets (pcap format)
> from an unprotected network connection but don't want to risk getting
> actually "hacked".


BackTrack.

Awesome tool. Our risk and pentest guys use it lots with honeypots
scattered all over the network, most of them serving no other purpose
than to catch my team out so we owe them lots of beer :-)

Seriously though, it comes up as a full distro so runs in a VM nicely
and is designed to be a security tool. The plumbing you need to
not give away that something is a honeypot is already in place. I
consider this to be much better than most efforts we'd make to roll our
own.



-- 
Alan McKinnon
alan.mckinnon@gmail.com


