honeypots

Kristofer Coward kris-y6ukv7ArdSHYtjvyW6yDsg at public.gmane.org
Sat Nov 15 00:03:32 UTC 2003


On Fri, Nov 14, 2003 at 12:04:44PM -0500, gbell72 wrote:
> Lately I've been doing some research on honeypots, I've come across a vast
> amount of information on them but am presently unsure on how to go about
> deploying one.  As I say I'm only doing this for research purposes but would
> like to witness one in action first hand.
> How difficult would it be to set one or two up, and how would they best be
> deployed to emulate an ftp and webserver?  These two services I am presently
> running.  Would one honeypot do the job?  And how would I go about strategically
> placing them?
> I've read that low-level honeypots rarely fool an attacker.  I realize it's
> mostly organizations that utilize high-level ones.  What type of honeypot would
> best fit a 5 system network?  My network consists of 3 linux systems and a win
> xp pro system.
> Any tips or advice greatly appreciated.

Honeypots are a research tool used by security professionals/experts
for purposes like identifying new rootkits, and otherwise examining the
behavior of attackers once they've compromised a system.  A certain
degree of skill in identifying a compromised system, and analysing how
it's been compromised is required for the honeypot to be at all
valuable.

Basically, if you need to ask a nonspecialist mailing list how to set
up a honeypot, the only answer anyone can responsibly give you is:
don't.

-- 
Kristofer Coward				http://unripe.melon.org/
GPG Fingerprint: 2BF3 957D 310A FEEC 4733  830E 21A4 05C7 1FEB 12B3
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




