[Dshield] I'm FINALLY going to setup a honeypot - could use some input.
Johannes B. Ullrich
jullrich at sans.org
Thu Mar 11 14:24:58 GMT 2004
> One of my first ideas is to deliberately infect it, ...
> Has anyone on this list done this yet? Can a well configured sniffer
> obtain enough information to learn and obtain a Snort attack signature which can
> detect this?

Take a look at the papers published by the honeynet project. In
particular the firewall script and the inline snort.

As always, your #1 goal should be to do no harm. After all, you don't
want to spend all this effort just to become another host spewing
viruses and worms all over the place.

For all the various tools, see http://www.honeynet.org/tools

CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm