From: Kory Tarr (ktarr_at_advasys.com)
Date: Tue Dec 10 2002 - 22:38:04 CST
I was a dot.gone slave, let me know which hat to put on.
Do we need cvs? Could that be hosted on the same machine if needed Valter?
I can help and/or send you docs if needed
can host if needed also
On 11 Dec 2002 02:41:25 +0000
Valter Santos <vsantoladevfusion.net> wrote:
>I'm offering my services to set up the website, do some initial design,
>work on the information and that stuff.
>I'm also trying to get some machines to build a honeypot, but for now I
>only can help the project with efforts regarding the website.
>http://devfusion.net/~vsantola/keys/
>On Wed, 2002-12-11 at 02:25, Tom McLaughlin wrote:
>> Hi everyone, I am glad to see the responses that I have gotten back from
>> this list. Let me state the two things that this project would need to
>> get off the ground.
>> One thing necessary is the creation of a website where people can be
>> directed to in order to learn about the project, its goals, and how to
>> participate. This is to me a very hard part. I have no experience in
>> website design or content management. Furthermore, there is no "one"
>> honeypot setup. They vary by design in many ways based upon hardware
>> and intent. My original design was based upon one presented in Lance
>> Spitzner's "Know Your Enemy" which you can find at Amazon or any other
>> bookstore with a good computer section. It was based on that design. I
>> added a number of things to the design from a mysql db for logging, to
>> qmail for sending me alerts in realtime, to various crontab scripts to
>> keep different logs in a sensible format for easier cross referencing.
>> This illustrates the need for a sort of information clearinghouse
>> directing users to different honeypot and IDS resources such as the
>> Honeynet Project's www.honeynet.org or Security Focus' IDS area.
>> Furthermore I would like it to be a place where people interested in the
>> idea can find designs that suit their needs and resources through the
>> contributions of other people sharing their own experiences and setups.
>> Every person's honeypot is in some way unique and requires a lot of work
>> on the part of the individual to make it work the way they want it to.
>> The most important thing needed is of course people. People who are
>> willing to take the time and dedicate a machine solely to following the
>> development of the Cooker branch. People who are willing to design and
>> implement an effective IDS and take the necessary time to monitor the
>> machine for malicious activity and possible intrusions. These people
>> must be willing to then in the event of a break in do some forensic work
>> to track down how the intruder made their way in and contact the
>> appropriate Cooker developer if necessary. This takes a lot of time.
>> Careful thought must be put into each honeypot's design. It is more
>> than just setting up snort. It is tailoring the IDS's ruleset,
>> establishing an effective notification mechanism in the event of
>> activity, and creating a logical and coherent set of logs in order to
>> look through them for anything missed by the IDS. A honeypot is not in
>> the words of the great Ron Popeil a "set it and forget it" device. If
>> you follow that idea your honeypot will end up being used by some l33t script
>> kiddie to launch their latest hax0r tool.
>> I hope I do not sound discouraging to anyone. I just want people to
>> know what they would be getting into if they decided to undertake this
>> idea. While in school this was one of the greatest learning experiences
>> that I had. I learned not only network security concepts but also how
>> to use numerous different pieces of software and to create solutions
>> from that software to fit my needs. You can also help to make MDK 9.1
>> better, which I think we would all like. Please tell me if you would
>> like to help out in either of the two areas above. Honestly, I think
>> the web aspect is possibly of greater importance right now. The
>> centralization of information will allow the second area of need to fall
>> into place more easily with less problems. The first step in building
>> a honeypot is understanding them. Tell me what you think of these two
>> things and how you would like to contribute.
>> (I'm going to float my original email on the cooker list to see what
>> reaction I get from them tonight.)
Advanced Systems Development