[Dshield] I'm FINALLY going to setup a honeypot - could use some input.

Johannes B. Ullrich jullrich at sans.org
Thu Mar 11 14:24:58 GMT 2004


> One of my first ideas is to deliberately infect it,  ...

> Has anyone on this list done this yet?   Can a well configured sniffer 
> obtain enough information to learn and obtain a Snort attack signature which can 
> detect this?

John:

  Take a look at the papers published by the Honeynet Project, in
particular the firewall script and the inline Snort
patches/configuration.

  As always, your #1 goal should be to do no harm. After all, you don't
want to spend all this effort just to become another host spewing
viruses and worms all over the place.

  For all the various tools, see http://www.honeynet.org/tools

 

-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm