[ale] Honeypots

Jonathan Rickman jonathan at xcorps.net
Sat Apr 26 08:49:16 EDT 2003


On Sat, 26 Apr 2003, Christopher Bergeron wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can this be done easily with vmware?  I don't see any reason why it
> can't; but this is the first that I've heard of using vmware for it.  It
> sounds like an ingenious fit, considering that vmware sessions can be
> read-only, and can be "saved".

I'll save myself some typing and direct you to:

http://www.honeynet.org/papers/vmware/
http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html

Both Kurt and Lance are dead on with these papers. For more advanced
techniques, you're better off talking to MW about how he does it at work,
if he can share details. VMWare is ideal for the setup I have (or lack
thereof) but I have used UML in a similar way with good success. Read
Lance's paper on UML here:

http://www.honeynet.org/papers/uml/

Alas, VMWare is not free or cheap...but worth every penny. You can get
trial versions at their site.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale




