Security

  • Honey Pot Creation


    Hi All,
    Can somebody point me in the right direction on how to create honeypots?
    I have read the online manual of roo from honeynet.org, which gives
    information only about honeywalls.
    Kindly excuse my newbie question as I am just learning these things.
    Thanks in advance for the replies
    -Deva
  • No.1 | | 121 bytes | |

    hi
    you can go to projecthoneypot.org and register a user; there are
    instructions and a script for how to install a honeypot.
  • No.2 | | 1256 bytes | |

    Deva,

    A honeypot can be any non-production system, so creating one can be
    as simple as getting a system set up with Windows or Linux while
    waiting for it to be attacked. The honeywall sits in between the
    honeypot and the network and helps with logging activities directed
    to or coming from the honeypot if it is compromised. It also helps
    limit the outgoing damage and associated liability if something does
    compromise the honeypot. And, the honeywall is designed to do this
    while trying to remain hidden from the outside.

    You can also create a series of honeypot systems and network that run
    virtually on a single system using some software called Honeyd.

    To get up to speed, set up the honeynet on one system and set up a
    regular Linux or Windows system on another and you will learn a lot.
    -- Brad

    Aug 13, 2006, at 12:54 PM, Dev Anand wrote:

    Hi All,

    Can somebody point me in the right direction on how to create
    honeypots?

    I have read the online manual of roo from honeynet.org, which gives
    information only about honeywalls.

    Kindly excuse my newbie question as I am just learning these things.

    Thanks in advance for the replies

    -Deva
  • No.3 | | 1595 bytes | |

    14/08/06, Brad Rubin <bsrubin (AT) stthomas (DOT) edu> wrote:
    Deva,

    A honeypot can be any non-production system, so creating one can be
    as simple as getting a system set up with Windows or Linux while
    waiting for it to be attacked. The honeywall sits in between the
    honeypot and the network and helps with logging activities directed
    to or coming from the honeypot if it is compromised. It also helps
    limit the outgoing damage and associated liability if something does
    compromise the honeypot. And, the honeywall is designed to do this
    while trying to remain hidden from the outside.

    You can also create a series of honeypot systems and network that run
    virtually on a single system using some software called Honeyd.

    nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
    honeypot to start with. It emulates known Windows vulnerabilities and
    catches quite a few different worms and bots.

    A high-interaction honeypot is just some extra monitoring stuff (such
    as the Roo honeywall) on top of a genuinely vulnerable system and
    needs *constant* attention.

    For a web-based honeypot, you could, e.g. install awstats, change the
    version number to a vulnerable version (6.4 and below I think) and
    then get it indexed on search engines. (see
    http://ghh.sourceforge.net/ for other ways of doing web-based stuff).

    The first reply concerns spam honeypots, which pretend to be open
    relays, or open SOCKS proxies but actually throw away all the email
    except the first test.

    cheers,
    Jamie
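
The low-interaction idea from the replies above, as an added example that is not part of the original thread: a listener that shows a banner, records what each client sends, and never acts on it. The banner text, the names `start_honeypot` and `EVENTS`, and the loopback default are assumptions made for this sketch.

```python
import threading
import socketserver
from datetime import datetime, timezone

# Constructed banner for a service that does not really exist on this host.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_CAPTURE = 4096  # cap bytes kept per connection so a flood cannot fill the log
EVENTS = []         # in-memory log; a real deployment would ship events off-host
_LOCK = threading.Lock()


class HoneypotHandler(socketserver.BaseRequestHandler):
    """Send the banner, record the first thing the peer sends, do nothing else."""

    def handle(self):
        self.request.settimeout(5)
        captured = b""
        try:
            self.request.sendall(FAKE_BANNER)
            captured = self.request.recv(MAX_CAPTURE)
        except OSError:
            pass  # a timeout or reset is still a touch worth logging
        event = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            "bytes": len(captured),
            "payload_hex": captured.hex(),  # hex keeps binary input log-safe
        }
        with _LOCK:
            EVENTS.append(event)


class HoneypotServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = HoneypotServer((host, port), HoneypotHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_honeypot(port=2525)
    print("listening on", srv.server_address)
    threading.Event().wait()  # run until interrupted
```

Because nothing legitimate should ever connect to a non-production listener, every entry in `EVENTS` is worth a look; the logging and containment a honeywall adds sit outside this sketch.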
  • No.4 | | 1850 bytes | |

    Dear List members,

    Thank you all for your valuable suggestions.

    I have started looking at honeyd and nepenthes howtos.

    Thanks once again.

    Regards
    -Deva

    8/14/06, Jamie Riden <jamesr (AT) europe (DOT) com> wrote:
    14/08/06, Brad Rubin <bsrubin (AT) stthomas (DOT) edu> wrote:
    Deva,

    A honeypot can be any non-production system, so creating one can be
    as simple as getting a system set up with Windows or Linux while
    waiting for it to be attacked. The honeywall sits in between the
    honeypot and the network and helps with logging activities directed
    to or coming from the honeypot if it is compromised. It also helps
    limit the outgoing damage and associated liability if something does
    compromise the honeypot. And, the honeywall is designed to do this
    while trying to remain hidden from the outside.

    You can also create a series of honeypot systems and network that run
    virtually on a single system using some software called Honeyd.

    nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
    honeypot to start with. It emulates known Windows vulnerabilities and
    catches quite a few different worms and bots.

    A high-interaction honeypot is just some extra monitoring stuff (such
    as the Roo honeywall) on top of a genuinely vulnerable system and
    needs *constant* attention.

    For a web-based honeypot, you could, e.g. install awstats, change the
    version number to a vulnerable version (6.4 and below I think) and
    then get it indexed on search engines. (see
    http://ghh.sourceforge.net/ for other ways of doing web-based stuff).

    The first reply concerns spam honeypots, which pretend to be open
    relays, or open SOCKS proxies but actually throw away all the email
    except the first test.

    cheers,
    Jamie
  • No.5 | | 2870 bytes | |

    Dev,

    Worth a read when getting started with honeypots are:

    The Honeynet Project books

    Roger Grimes's "Honeypots for Windows" book:

    And I'd take a look at existing low and high interaction honeypot solutions:

    Most are pretty straightforward to test and experiment with in a lab.

    Hopefully these links should be enough to get you started, good luck!

    Thanks,

    David

    Dev Anand wrote:
    Dear List members,

    Thank you all for your valuable suggestions.

    I have started looking at honeyd and nepenthes howtos.

    Thanks once again.

    Regards
    -Deva

    8/14/06, Jamie Riden <jamesr (AT) europe (DOT) com> wrote:
    >14/08/06, Brad Rubin <bsrubin (AT) stthomas (DOT) edu> wrote:
    >Deva,
    >>

    >A honeypot can be any non-production system, so creating one can be
    >as simple as getting a system set up with Windows or Linux while
    >waiting for it to be attacked. The honeywall sits in between the
    >honeypot and the network and helps with logging activities directed
    >to or coming from the honeypot if it is compromised. It also helps
    >limit the outgoing damage and associated liability if something does
    >compromise the honeypot. And, the honeywall is designed to do this
    >while trying to remain hidden from the outside.
    >>

    >You can also create a series of honeypot systems and network that run
    >virtually on a single system using some software called Honeyd.
    >>

    >nepenthes (nepenthes.mwcollect.org) is also an easy low-interaction
    >honeypot to start with. It emulates known Windows vulnerabilities and
    >catches quite a few different worms and bots.
    >>

    >A high-interaction honeypot is just some extra monitoring stuff (such
    >as the Roo honeywall) on top of a genuinely vulnerable system and
    >needs *constant* attention.
    >>

    >For a web-based honeypot, you could, e.g. install awstats, change the
    >version number to a vulnerable version (6.4 and below I think) and
    >then get it indexed on search engines. (see
    >http://ghh.sourceforge.net/ for other ways of doing web-based stuff).
    >>

    >The first reply concerns spam honeypots, which pretend to be open
    >relays, or open SOCKS proxies but actually throw away all the email
    >except the first test.
    >>

    >cheers,
    >Jamie
    >--
    >Jamie Riden / jamesr (AT) europe (DOT) com / jamie.riden (AT) computer (DOT) org
    >NZ Honeynet project - http://www.nz-honeynet.org/
    >>
