Honeypots
How to monitor events in Windows? Nov 02 2007 01:37AM
mybayern1974 sjtu edu cn (4 replies)
RE: How to monitor events in Windows? Nov 04 2007 12:06PM
Steve Armstrong (stevearmstrong logicallysecure com)
Re: How to monitor events in Windows? Nov 02 2007 06:59PM
Parvinder Bhasin (parvinder bhasin gmail com)
A good free low interaction windows based honeypot would be "HONEYBOT".
http://www.atomicsoftwaresolutions.com/honeybot.php

Regarding sebek, make sure you are installing the sebek 3.0.4.
I am sure you know that eventviewer is OK place to check , plus some
sysinternal tools are great too.

Hope this helps.

Cheers!
-Parvinder Bhasin

mybayern1974 (at) sjtu.edu (dot) cn [email concealed] wrote:
> I want to know everything happend in my Windows box, including both
> local events and network events. Is there such a tool? I know sebek is a
> good choise, but unfortunately the sebek client is unable to work in
> windows box located in Virtual Machine like VMware. (It will cause "blue
> screen" when rebooting after finishing configuration.) Furthermore, I
> know another choice named "spector", but it's a commercial one.
>
> So, is there any free one I can get?
>
> Thanks in advance!
>
>
>

[ reply ]
RE: How to monitor events in Windows? Nov 02 2007 01:04PM
Njoku, George O. (njokug winthrop edu)
Re: How to monitor events in Windows? Oct 31 2007 01:15PM
Jan Heisterkamp (janheisterkamp web de)


 

Privacy Statement
Copyright 2010, SecurityFocus