[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] honeypots
- To: lallantada@xxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] honeypots
- From: Vipul Agarwal <vipul@xxxxxxxxxxxxxx>
- Date: Mon, 30 Jan 2012 15:23:57 +0000
Hi there,
You may first need identify the purpose of using it.
- If you want to collect malwares exploiting Windows vulnerabilities,
you've Nepenthes which is a low-interaction honeypot. It can be easily
installed in Debian from the official repo.
- If you're looking something to detect intrusion in a production
environment, you've Honeyd (even this is available as a Debian package)
- For something more specific, like capturing live ssh sessions, you may
use Kippo. It stores the logs in UML format that can be played back on a
later stage using tools like Ajaxterm. You even get a separate copy of the
tools and bots they download using wget.
- Glastopf is another good high interaction honeypot with a nice
vulnerability emulator. Although, you need patience and some SEO to get
best results out of it.
I hope this helps.
Regards,
Vipul
On Fri, Jan 27, 2012 at 6:56 PM, <lallantada@xxxxxxxxxxxxxxx> wrote:
> i am looking for a good honeypot
>
> thanks
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Thanks and Regards,
Vipul Agarwal
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/