Honeypots (honeypots) Mailing List

Re: regarding setup of a honeypot in restricted environment

Tue, 25 Nov 2008 08:34:27 -0500

Posted by Valdis.Kletnieks_at_vt.edu on Nov 25

On Mon, 24 Nov 2008 21:09:17 EST, Noah Meyerhans said:

> A lot of the fun malware is client-side these days, anyway, so why don't
> you make a client honeypot: http://en.wikipedia.org/wiki/Honeyclient

Amen to that. It's pretty much directly attributable to 2 specific things:

1) XP SP2...

RE: regarding setup of a honeypot in restricted environment

Tue, 25 Nov 2008 11:46:40 +0530

Posted by Bhatnagar Mayank on Nov 25

Hi all,

Thanks for the many responses I received on this thread.
Thanks Antonio, Jesper, Noah, Dharm for some valuable suggestions including

1. redirection of some common TCP/UDP ports
2. MAC spoofing
3. client honeypot setup

Well I plan to begin with initial client honeypot set up and...

CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008)

Mon, 24 Nov 2008 21:32:32 -0800

Posted by Dragos Ruiu on Nov 24

Call For Papers

The CanSecWest 2009 CFP is now open.

Deadline is December 8th, 2008.

CanSecWest CALL FOR PAPERS

VANCOUVER, Canada -- The tenth annual CanSecWest applied
technical security...

Fwd: regarding setup of a honeypot in restricted environment

Tue, 25 Nov 2008 10:41:27 +0530

Posted by dharm on Nov 25

---------- Forwarded message ----------
From: dharm <dharm910_at_gmail.com>
Date: Tue, Nov 25, 2008 at 10:36 AM
Subject: Re: regarding setup of a honeypot in restricted environment
To: Jesper Jurcenoks <jesper.jurcenoks_at_netvigilance.com>
Cc: "Bhatnagar,...

Re: regarding setup of a honeypot in restricted environment

Mon, 24 Nov 2008 21:09:17 -0500

Posted by Noah Meyerhans on Nov 24

On Mon, Nov 24, 2008 at 05:03:52PM +0530, Bhatnagar, Mayank wrote:
> Suppose if I want to install a honeypot in an environment where it
> cannot get a public facing IP but the machine o which honeypot is to be
> installed has an access to Internet
> 1. via another proxy or
>...

RE: regarding setup of a honeypot in restricted environment

Mon, 24 Nov 2008 08:33:34 -0800

Posted by Jesper Jurcenoks on Nov 24

Hi Mayank.

Assuming you have the follwiong setup:

dsl line without static IP to home/soho office, a honeypot behind the dsl-router (with builtin firewall function), and you can put the Honeyd on a fixed internal IP address.

Then you can do the following simple honeypot.

Redirect one of more...

regarding setup of a honeypot in restricted environment

Mon, 24 Nov 2008 17:03:52 +0530

Posted by Bhatnagar Mayank on Nov 24

Hi,

I am writing this email to know some of your valuable suggestions as to
how we can use honeypot in a restricted environment.

Suppose if I want to install a honeypot in an environment where it
cannot get a public facing IP but the machine o which honeypot is to be
installed has an access...

DateTime issue on Honeywall

Mon, 17 Nov 2008 19:36:18 -0800

Posted by secpuffy on Nov 17

Hi,

How can I fix the timestamps that appear in walleye? and honeywall?
I am in America/Los_Angeles PDT timezone.

thx.
Received on Nov 17 2008

Re: botnet logs

Mon, 17 Nov 2008 12:48:53 -0500

Posted by Valdis.Kletnieks_at_vt.edu on Nov 17

On Mon, 17 Nov 2008 10:15:06 EST, dxp said:

> Many trojans these days can easily bypass defautl firewall protection in
> XP Sp2. If any of those include self replication with exploit against
> some vulnerability (ms08-067) then history will be repeated, to a
> certain extent.

...

Re: botnet logs

Mon, 17 Nov 2008 16:31:32 +0100

Posted by Nathan on Nov 17

Hello!

I don't really get this part. If the host pc you are running honeyd on
it is infected, how can you benefit from this with your honeyd? It's
okay to monitor your pc's traffic, and control the outgoing malicious
packets, but where honeyd comes in? The only thing i can think of, to
watch...

Re: botnet logs

Mon, 17 Nov 2008 10:40:00 +0100

Posted by Gabriele Zanoni on Nov 17

Il Saturday 15 November 2008 13:20:21 Nathan ha scritto:
> Hi,
>
> I have to make a brief presentation about honeypots and botnets
> relation. I chose honeyd as an example honeypot, i am already running
> it, but due to limited ip resources and short time, I wasn't able to
...

Re: botnet logs

Sun, 16 Nov 2008 22:51:52 -0500

Posted by Valdis.Kletnieks_at_vt.edu on Nov 16

On Sat, 15 Nov 2008 13:20:21 +0100, Nathan said:
> I have to make a brief presentation about honeypots and botnets
> relation. I chose honeyd as an example honeypot, i am already running
> it, but due to limited ip resources and short time, I wasn't able to
> gather any valueable...

botnet logs

Sat, 15 Nov 2008 13:20:21 +0100

Posted by Nathan on Nov 15

Hi,

I have to make a brief presentation about honeypots and botnets
relation. I chose honeyd as an example honeypot, i am already running
it, but due to limited ip resources and short time, I wasn't able to
gather any valueable information.
I would be pleased, if anyone could send me a...

Re: Stealth VM

Mon, 10 Nov 2008 22:09:45 +0100

Posted by Thorsten Holz on Nov 10

Hi Robert,

On Mon, Nov 10, 2008 at 4:33 PM, Robert Sandilands
<rsandilands_at_authentium.com> wrote:

> If you can provide a better unbiased view of current threats I would
> love for you to tell the world about it. Whatever the limitations of the
> Wildlist may be, it is...

Re: Stealth VM

Mon, 10 Nov 2008 10:33:22 -0500

Posted by Robert Sandilands on Nov 10

Hi Thorsten,

If you can provide a better unbiased view of current threats I would
love for you to tell the world about it. Whatever the limitations of the
Wildlist may be, it is the best unbiased view we have on the threats out
there. It is easy to criticize something and I think the Wildlist...