public inbox for gentoo-user@lists.gentoo.org
From: Alan McKinnon <alan.mckinnon@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Whats a good honeypot?
Date: Sat, 17 Sep 2011 15:09:03 +0200
Message-ID: <20110917150903.6db8245d@rohan.example.com>
In-Reply-To: <1316258046.7109.10.camel@moriah>

On Sat, 17 Sep 2011 19:14:06 +0800
William Kenworthy <billk@iinet.net.au> wrote:

> I am looking at using a honeypot for a research project - need to put
> something "safe" to attract packets, scans etc.  I was thinking of a
> heavily stripped gentoo vm (in virtualbox) running honeyd, but the
> ebuild for honeyd is looking like it's getting quite old - according to
> the honeyd website it's 2007-05-27.
> 
> Is there an alternative?  I need to dump raw packets (pcap format)
> from an unprotected network connection but don't want to risk getting
> actually "hacked".


backtrack.

Awesome tool. Our risk and pentest guys use it lots with honeypots
scattered all over the network, most of them serving no other purpose
than to catch my team out so we owe them lots of beer :-)

Seriously though, it comes up as a full distro so runs in a VM nicely
and is designed to be a security tool. The plumbing you need to
not give away that something in a honeypot is already in place. I
consider this to be much better than most efforts we'd make to roll our
own.



-- 
Alan McKinnon
alan.mckinnon@gmail.com


