RE: Windows Honeypot Help

Hi,

I have been having some success using net cat (NC) and standard win 2k
logging. I have used multiple IP's on one W2K server. Seem to have
issues hiding or spoofing the MAC though. Also had a play with honeyd
v0.5, is okay too.

Don't know if this helps. My 2p's worth :)

-----Original Message-----
From: Ted [mailto:padmin_at_adelphia.net]
Sent: Monday, February 16, 2004 4:09 AM
To: honeypots_at_securityfocus.com
Subject: Windows Honeypot Help

Hello,

  Bottom line up front, I'm looking for some kind of script/software
combination that will allow me to emulate services and log interaction
with those fake services on a Win2k honeypot. Now for some details.

-----------------------------------------------------------------------

Registered Office:
Marks & Spencer p.l.c
Michael House, Baker Street,
London, W1U 8EP
Registered No. 214436 in England and Wales.

Telephone (020) 7935 4422
Facsimile (020) 7487 2670

www.marksandspencer.com

Please note that electronic mail may be monitored.

This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful.

The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB. These firms are authorised and regulated by the Financial Services Authority.
Received on Thu Feb 19 2004 - 09:43:47 PST