Honeypot Project

From CSLabsWiki

The Honeypot Project analyzes various malware tools and attack methods on a low-interaction honeypot.

Current project status: Stalled

Current Members

Lead: Roger Ignazio

Other Members: Alexandria Barr, Christopher Lane, Michael McKenna-Mattiaccio, Jeanna Matthews, Bryan Rose

Past Members

Lead: Jim Owens

Other Members: Keegan Lowenstein, Jeremy Bongio, Jeff Wincek, Matt Howansky

Honeypot Machines

Below are the details for the honeypot computers.

| Hostname | Machine Status | Network Status | Operating System | Type of Honeypot | Notes |
|---|---|---|---|---|---|
| Curly | Operational | See notes | Ubuntu 8.04 | OpenSSH | ssh operational, not logging |
| Larry | Operational | See notes | CentOS | MySQL | In-progress |
| Moe | Operational | offline | Ubuntu 8.04 | OpenSSH | Old honeypot project PC |
| Nada | Not operational | offline | None | TBD | System currently does not POST |
| Shemp | Operational | offline | Windows NT 4.0 SP5 | TBD | Hard drive needs wiping |
| Zilch | Operational | offline | Ubuntu ?.?? | Honeywall | Old honeypot project PC |


Notes for the CentOS installation with Gnome

To use only disk 1 during installation, select just the base package.

First install the X Window System:

yum groupinstall "X Window System"

Next, work around a dependency problem in Gnome:

wget http://mirror.centos.org/centos/5/os/i386/CentOS/nautilus-sendto-0.7-5.fc6.i386.rpm

rpm -Uvh --nodeps nautilus-sendto-0.7-5.fc6.i386.rpm

Now install Gnome:

yum groupinstall "GNOME Desktop Environment"

Notes for ssh-honeypot compile and run

./configure produced zlib and openssl errors.

Installing zlib and openssl from source solved the problem.

Then just run:

make install

/etc/init.d/ssh start