
Honeynet Project


5 replies to this topic

#1 KonaR


Posted 22 February 2016 - 02:50 PM

Hello all.
I want to accomplish a honeynet project.
The honeynet will consist of some virtual servers running Windows and Linux with various services (but I am not yet at this point).
In order to proceed with the project I have to make a plan, and that's why I am here...
I need the help of people with experience in honeynets to help me design the architecture of my honeynet.
It will be an internal honeynet in a university's network, and the honeypots will be highly interactive.
So first of all, what tools should I use?
I was thinking of deploying Honeywall roo, as I see it as the most used and well documented project.

So I have some questions:
1) Does Honeywall roo provide me all the necessary tools needed to set up a honeynet?

2) Honeywall roo will be installed on a machine (with 3 NICs) between the production network and the honeynet. On the honeypots, do I only need to install the OS and whatever services I would like? Do I have to install other software for capturing traffic or keystrokes etc., or is everything done on the machine running Honeywall roo?

3) Assuming I want to have my honeypots on virtual machines, can I install Honeywall roo on a VM on the same physical computer as the honeypots? Or do I have to separate them?

I am at the very beginning of this project.
So every suggestion would be welcome.


Edited by KonaR, 22 February 2016 - 03:00 PM.




#2 Aura


Posted 22 February 2016 - 03:46 PM

Posting in this thread to monitor it, and also to say that I'm very interested in hearing the answers of someone who is running his own honeypot, because this is something I want to try. However, I would like one that I could connect to the web and that would collect malware by browsing the web.

Nice question Kona!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:25 AM

Posted 27 February 2016 - 04:25 AM

If I'm not mistaken, a friend of mine decided not to use Honeywall because it hasn't been updated in years.

What version do you plan to use?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Aura


Posted 27 February 2016 - 08:40 AM

Just looked through the website, and it seems that it stopped being updated in 08-09... It's really old yes.



#5 KonaR


Posted 01 March 2016 - 09:12 AM

I was planning on using honeynet roo + sebek, but both of them are very old...

@Didier Stevens I was planning on deploying honeywall roo 1,4 (latest version), but I am a bit cautious due to the fact that both honeywall roo and sebek are over 6-8 years old and not updated.
Would you mind sharing some information about your friend's honeynet architecture? It would be a great help for me.

Currently, from my research, it seems that honeynet roo is the most valuable tool for building a honeynet, but I am not sure...



#6 Didier Stevens


Posted 02 March 2016 - 05:46 PM

I don't think he is in that phase yet.






