Dear all!

I'm using a roo 1.1 installation and a number of high-interaction honeypots (Windows guests on VMware). The honeypots emulate AD, SMS and Exchange, so they generate a lot of connections with each other (I think that's OK for this environment). Also, I have an "intruder" workstation, which is assigned an IP from a different scope than the honeypots. All is OK: I see connections, IDS events, and the "intruder" IP in "Top 10 Remote Hosts" in Walleye.

Once I migrate to roo 1.2, I see 2 to 5 connections in about 2 hours (some broadcasts), no IDS events, no events from the "intruder", and no records in "Top 10 Remote Hosts". Back to 1.1 - all events and records are back. All parameters in 1.1 and 1.2 are similar.

Why? What difference could give this result?

Best regards,
KostyaK

_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
