honeywall/pot on same host
2006-09-27 Mike Gilligan (mikewgilligan hotmail com) (1 reply)
Hi list,
Could anyone weigh in on or point me to a resource which confirms whether a single host can be used for the honeywall and honeypot systems or if it is recommended to have separate physical machines for each and why.
thanks, Mike.

[Call for Papers] DIMVA 2007
2006-09-21 Robin Sommer (info dimva org)
Dear Colleagues, please find attached the Call For Papers for DIMVA 2007, the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment; which is to be held in Lucerne, Switzerland, July 12-13, 2007. Complete information is available at http://www.dimva.o [...]

honeytokens in databases
2006-09-18 gvij2000 yahoo com (1 reply)

collecting spyware with a honeypot
2006-09-16 George (george p123 gmail com) (4 replies)
Hello! I would like to set up a honeypot for collecting spyware and adware. As you know, spyware requires user action, so I can't use the classic honeypot method to connect it on the internet and let the "bad guys" attack it. I googled a little bit on this project and I didn't find a point of starting [...]

RE: collecting spyware with a honeypot
2006-09-18 Robert D. Holtz - Lists (robert d holtz gmail com)

CFP - 4th Australian Digital Forensics Conference
2006-09-17 Craig VALLI (c valli ecu edu au)
4th Australian Digital Forensics Conference
4-5th December, 2006, Edith Cowan University, Perth Western Australia
http://scissec.scis.ecu.edu.au/conferences2006/
A reminder that paper submissions close for the conferences on the 1st October. All of the details can be found on the above link. Pl [...]

Use of pcap_api.pl
2006-09-13 Leonard Kwan (electron-asx optusnet com au) (1 reply)
Hi, I was wondering whether someone could let me know how to use the pcap_api.pl? Basically I am trying to get the packet captures that the honeywall records. I would then like to load these into a database for the purposes of data mining. From what I've been able to gather from the Flow.pl I ne [...]

Re: Walleye not displaying Sebek3 data
2006-09-03 wbmccarty gmail com
I don't have difficulty viewing Sebek3 data using Walleye. I had a honeypot compromised by badguys using an SSH password-guessing tool and was able to follow their BASH session flawlessly. Are you clicking the magnifying glass icon of connections you suspect may contain keystroke data? If so, co [...]

Walleye not displaying Sebek3 data
2006-08-31 Cindy Jenkins (cj u washington edu)
Well, since I posted this question, I still have had no luck on solving this issue. Does anyone have Sebek3 under Walleye functioning correctly? I have discovered how to manually wipe the walleye database to clear the sensor data, and can manually extract the data from walleye_0_3/ sys_read/ [...]

FW: Snort-Inline not working
2006-08-23 Ian J. Hudson (ihudson waspc org)
Below is what I've encountered. I'm really trying to get this to work, not sure what went wrong.
Regards,
Ian J Hudson
IT Systems Specialist
WASPC
ihudson (at) waspc (dot) org
360.486.2380
>>
>> Sorry to bug you. With the Honeywall I've been able to see stuff
>> happening with DNS externally, but I can [...]

Honeywall ROO default 2 sensors?
2006-08-17 mat (mrowley esoft com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Does the roo honeywall from honeynet.org by default create 2 sensors? I don't see why this would be necessary, but it did that for me. Is this an error on my part? Did I do something wrong? I had installed and reinstalled roo a few times to get the har [...]

Sebek 3 not reporting data details to Walleye
2006-08-16 Cindy Jenkins (cj u washington edu)
Hello all, I have been trying to track the issue down and cannot find any information on this problem online.
Environment:
Hwall server ROO hw1.0-189
Honeypots: FC3 2.6, Win2KPro, WinXP, Mac OS X
Syslog server: FC3 log server
Software: Sebek 3.03l server and clients, 2.6 kernel on FC3 client
Pr [...]
can monitor both of them separately and if I need to I can restart my
honeywall without having to affect my honeypot itself. Also it allows
me to report on if the honeywall was breached only or if someone
actually got into the
[...]