Crushdepth (posted March 17, 2011; edited March 17, 2011 by Crushdepth): Mercury is a modified Ubuntu 10.04 image that comes with several honeypot tools pre-configured. Includes HoneyD and Dionaea, amongst others. I've found some tools really painful to set up; this is quite a convenient way to experiment with the different options. Just the thing for VirtualBox.
urandom (posted March 19, 2011): "I feel some disturbance in the Force" -- a random Soi8 customer at next linux meeting
justsumhelp (posted May 18, 2011): My god wireshark must make you jizz
Crushdepth (author, posted May 20, 2011): Not exactly, no.
justsumhelp (posted May 20, 2011): How exactly do you play with these honeypots? VirtualBox, really?
Crushdepth (author, posted May 24, 2011): I have them running in a virtual machine on my desktop, which has a bridged network adapter so it appears as an independent machine on the LAN. The idea is to use it to help detect malware infections on the network. If anything tries to connect to the honeypot and copies junk onto it then I know we have a problem and can identify the infected machine and/or troublemaker responsible.
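The detection idea in the post above, as an added example that is not part of the original thread: it ranks LAN hosts that contacted the honeypot, reading a SQLite connection log. The table and column names are assumed to follow Dionaea's logsql layout (check them against your install), and the LAN range and every row are constructed.

```python
import ipaddress
import sqlite3

# Assumption: the LAN the honeypot VM is bridged onto (constructed value).
LAN = ipaddress.ip_network("192.168.1.0/24")

def build_sample_db():
    """Constructed sample rows; layout assumed to match Dionaea's logsql tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE connections (connection INTEGER PRIMARY KEY,
            connection_timestamp REAL, remote_host TEXT, local_port INTEGER);
        CREATE TABLE downloads (download INTEGER PRIMARY KEY,
            connection INTEGER, download_md5_hash TEXT);
    """)
    db.executemany("INSERT INTO connections VALUES (?,?,?,?)", [
        (1, 1306200000.0, "192.168.1.23", 445),
        (2, 1306200005.0, "192.168.1.23", 445),
        (3, 1306200100.0, "192.168.1.40", 80),
        (4, 1306200200.0, "203.0.113.9", 445),  # not on the LAN, ignored
    ])
    db.execute("INSERT INTO downloads VALUES (1, 2, 'constructed-placeholder')")
    return db

def suspect_hosts(db, lan=LAN):
    """Return LAN hosts that touched the honeypot, worst first.

    Nothing legitimate should talk to the honeypot, so any contact counts;
    hosts that also copied a file onto it are ranked above the rest.
    """
    rows = db.execute("""
        SELECT c.remote_host, COUNT(DISTINCT c.connection),
               COUNT(d.download), MIN(c.connection_timestamp)
        FROM connections c
        LEFT JOIN downloads d ON d.connection = c.connection
        GROUP BY c.remote_host
    """).fetchall()
    hits = []
    for host, conns, drops, first_seen in rows:
        if ipaddress.ip_address(host) in lan:
            hits.append({"host": host, "connections": conns,
                         "files_dropped": drops, "first_seen": first_seen})
    return sorted(hits, key=lambda h: (-h["files_dropped"], -h["connections"]))

if __name__ == "__main__":
    for hit in suspect_hosts(build_sample_db()):
        print(hit)
```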
justsumhelp (posted May 26, 2011): I apologize for the short and rude comments, I should stay away from posting when I'm drunk. I understand your situation, but unless that desktop stays running all the time the honeypot will not catch as many flies. Also, you run the (theoretical) risk of an exploit that leaves the virtual machine and infects the host, or an attacker just exploiting VirtualBox itself (not theoretical), e.g. http://www.juniper.n.../vuln34080.html , so if you do run a virtual machine I suggest VirtualBox OSE and always keep it updated.
Crushdepth (author, posted May 27, 2011): No problem, I've done that before :-) I do leave my home/work PCs running constantly (Windows), and both have Linux virtual machines running in VirtualBox constantly as well. The honeypot VM is not used for anything else; I do my actual work in a separate VM to keep it quarantined. I agree it would be better to have the honeypot on a separate physical machine, but work is not very generous with hardware and it's only exposed to our internal network.
justsumhelp (posted May 28, 2011): A safer method would be to run an intrusion detection system (IDS); many of the security-based live CDs have the tools included, e.g. http://www.snort.org/, which is a very robust tool.