[Dshield] An Interesting project - Any volunteers?

John D. lists at webcrunchers.com
Fri Aug 22 08:49:31 GMT 2003

>It takes more to build a honeypot than to hook up an old PC.

of course...

>If you do that, all you will achieve is to add another infected PC to
>the Sobig-X population.

Isn't there a way to monitor what's going on? I thought that was possible
on PCs. I know on UNIX, you can implement code to "monitor" hostile code and "Jail" it. I'm no expert on Windows, so don't really know what's possible, but now that you have me thinking, Windows is a "closed" system, and guess a lot of effort is required to do it.

>Take a look at the Honeynet project. They have some excellent tools for
>data control and data capture, that will first of all avoid that your
>honeypot is doing any damage, and secondly it will make sure that you
>collect useful data.

right... I thought I mentioned the Honeynet project in my earlier posting.

>I know they are working on a bootable 'honeywall' CD, which will
>implement data control and capture in an easy to use package.

Kewl...  I wonder if it would be of use in this case.

>To start playing right away, I highly recommend honeyd and tiny
>honeypot. Both are simple non-interactive capture scripts. I use tiny
>honeypot a lot and it has been extremely valuable for MSBlaster.

How are you using it?  


