List: full-disclosure
Subject: Re: [Full-disclosure] honeypots
From: Vipul Agarwal <vipul () nuttygeeks ! com>
Date: 2012-01-30 15:23:57
Message-ID: CADK2VQxSrcNJBo--U0PntFQ1khPTMPyQypf65G6b3v+f5_jo4A () mail ! gmail ! com
Hi there,

You may first need to identify the purpose of using it.

- If you want to collect malware exploiting Windows vulnerabilities,
you've Nepenthes, which is a low-interaction honeypot. It can be easily
installed in Debian from the official repo.
- If you're looking for something to detect intrusion in a production
environment, you've Honeyd (even this is available as a Debian package).
- For something more specific, like capturing live SSH sessions, you may
use Kippo. It stores the logs in UML format that can be played back at a
later stage using tools like Ajaxterm. You even get a separate copy of the
tools and bots they download using wget.
- Glastopf is another good high-interaction honeypot with a nice
vulnerability emulator. Although, you need patience and some SEO to get
the best results out of it.

I hope this helps.

Regards,
Vipul

On Fri, Jan 27, 2012 at 6:56 PM, <lallantada@tvazteca.com.mx> wrote:
> I am looking for a good honeypot
>
> thanks
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Thanks and Regards,
Vipul Agarwal