Jump to content

Honeypots Made Easy: Mercury


Crushdepth

Recommended Posts

Mercury is a modified Ubuntu 10.04 image that comes with several honeypot tools pre-configured. Includes HoneyD and Dionaea, amongst others. I've found some tools really painful to set up, this is quite a convenient way to experiment with the different options. Just the thing for Virtualbox :) Edited by Crushdepth
Link to comment
Share on other sites

  • 1 month later...

I have them running in a virtual machine on my desktop, which has a bridged network adapter so it appears as an independent machine on the LAN. The idea is to use it to help detect malware infections on the network. If anything tries to connect to the honeypot and copies junk onto it then I know we have a problem and can identify the infected machine and/or troublemaker responsible.

Link to comment
Share on other sites

I apologize for the short and rude comments, I should stay away from posting when im drunk. I understand your situation, but unless that desktop stays running all the time the honeypot will not catch as many flies, also you run the (theoretical) risk of an exploit that leaves the virtual machine and infects the host or an attacker just exploiting virtualbox itself (not theoretical) e.g. http://www.juniper.n.../vuln34080.html , so if you do run a virtual machine i suggest virtualbox OSE and always keep it updated.

I have them running in a virtual machine on my desktop, which has a bridged network adapter so it appears as an independent machine on the LAN. The idea is to use it to help detect malware infections on the network. If anything tries to connect to the honeypot and copies junk onto it then I know we have a problem and can identify the infected machine and/or troublemaker responsible.

Link to comment
Share on other sites

No problem I've done that before :-)

I do leave my home/work PCs running constantly (Windows), and both have Linux virtual machines running in Virtualbox constantly as well. The honeypot VM is not used for anything else, I do my actual work in a separate VM to keep it quarantined. I agree it would be better to have the honeypot on a separate physical machine, but work is not very generous with hardware and it's only exposed to our internal network.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...