On Sat, 17 Sep 2011 19:14:06 +0800 William Kenworthy <[email protected]> wrote:
> I am looking at using a honeypot for a research project - need to put
> something "safe" to attract packets, scans etc. I was thinking of a
> heavily stripped gentoo vm (in virtualbox) running honeyd, but the
> ebuild for honeyd is looking like it's getting quite old - according to
> the honeyd website it's 2007-05-27.
>
> Is there an alternative? I need to dump raw packets (pcap format)
> from an unprotected network connection but don't want to risk getting
> actually "hacked".

backtrack. Awesome tool. Our risk and pentest guys use it lots with honeypots scattered all over the network, most of them serving no other purpose than to catch my team out so we owe them lots of beer :-)

Seriously though, it comes up as a full distro so runs in a VM nicely and is designed to be a security tool. The plumbing you need to not give away that something in a honeypot is already in place. I consider this to be much better than most efforts we'd make to roll our own.

--
Alan McKinnnon
[email protected]

