Hi guys,

This is something that I've been interested in doing for a while now, but haven't actually gotten round to it yet (work!).

Anyone have any suggested setups? Would be interesting to hear of any "HoneyMonkeys" that are open source or offer a trial download?

Cheers

On 22 June 2011 17:17, Michael Lubinski <[email protected]> wrote:
> What methods were you using to analyze the proxy logs for out of the norm
> behavior?
>
> On Wed, Jun 22, 2011 at 6:11 AM, Ben Jackson <[email protected]> wrote:
>
>> On Tue, Jun 21, 2011 at 4:41 PM, Michael Lubinski
>> <[email protected]> wrote:
>> > Who runs honeypots? My research suggests that Dionaea seems to be the one.
>> > My goal is malware classification and collection.
>>
>> If you want malware, running a honeypot isn't going to get you much in
>> the way of "new" samples. 99% of the malware coming into any
>> environment is going to be delivered by drive-by-downloads. Running a
>> "regular" honeypot is going to get you stuff that is already fairly
>> well known (Conficker, SQL Slammer, etc). You'd be better off finding
>> a HoneyMonkey (I don't know if there is a free one out there) or
>> analyzing proxy logs for executable downloads. I netted a boat load of
>> stuff in my previous job following option B. It's always cool to get a
>> piece of malware that was created the same day you're analyzing it.
>>
>> Another option, which I have not done, is analyzing your mail queue.
>>
>> --
>> Ben Jackson - Mayhemic Labs
>> [email protected] - http://www.mayhemiclabs.com - +1-508-296-0267
>> "Assume that what is in the power of one man to do, is in the power of
>> another"
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
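The proxy-log approach mentioned in the thread (analyzing proxy logs for executable downloads), sketched as an added example that is not part of the original messages. It assumes Squid's native access.log layout; the sample lines, hosts, indicator sets and the function name are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed indicator sets; tune them for your own environment.
EXEC_EXTS = {".exe", ".scr", ".dll", ".msi", ".com", ".pif"}
EXEC_MIMES = {"application/x-msdownload", "application/x-dosexec",
              "application/x-msdos-program"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer mime
SAMPLE_LOG = """\
1308759060.101    212 10.0.0.21 TCP_MISS/200 18233 GET http://news.example.test/index.html - DIRECT/192.0.2.10 text/html
1308759071.554    930 10.0.0.21 TCP_MISS/200 412672 GET http://cdn.example.test/update/setup.exe?id=7 - DIRECT/192.0.2.44 application/octet-stream
1308759102.008    655 10.0.0.35 TCP_MISS/200 96256 GET http://img.example.test/banner.jpg - DIRECT/192.0.2.77 application/x-msdownload
1308759140.730     88 10.0.0.35 TCP_DENIED/403 1420 GET http://dl.example.test/tool.exe - NONE/- text/html
1308759188.412    301 10.0.0.40 TCP_MISS/200 5120 GET http://files.example.test/report.pdf - DIRECT/192.0.2.90 application/pdf
"""

def find_executable_downloads(log_text):
    """Return (client, url, reason) for each successful executable fetch."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # truncated line or a different log format
        client, result, method, url = fields[2], fields[3], fields[5], fields[6]
        mime = fields[9].lower()
        status = result.rpartition("/")[2]
        # Only completed downloads matter; denied or failed requests are skipped.
        if method != "GET" or not status.startswith("2"):
            continue
        # urlsplit drops the query string, so "setup.exe?id=7" still matches.
        ext = posixpath.splitext(urlsplit(url).path.lower())[1]
        by_ext, by_mime = ext in EXEC_EXTS, mime in EXEC_MIMES
        if by_ext and by_mime:
            reason = "extension+content-type"
        elif by_ext:
            reason = "extension"
        elif by_mime:
            # Executable content served under a harmless-looking name.
            reason = "content-type only"
        else:
            continue
        hits.append((client, url, reason))
    return hits

if __name__ == "__main__":
    for hit in find_executable_downloads(SAMPLE_LOG):
        print(*hit, sep="\t")
```

The "content-type only" hits are the ones worth triaging first, since the URL name and the served content disagree.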
