
HoneyWall implementation on Windows OS

8 Posts
3 Users
0 Likes
564 Views
ramo
(@ramo)
Posts: 4
New Member
Topic starter
 

Dear all,

I'm about to start my dissertation which treats network forensics using open source tools.

I looked around for suitable open source software to help me achieve my work and found an interesting one called HoneyWall based on the honeynet project (http://www.honeynet.org/misc/project.html).

I tried to read through the documentation provided but couldn't find anything that shows how to implement the honeynet on a Windows OS. The only option given is a bootable CDROM that could be downloaded from the site, but that is Fedora-based.
Please enlighten me with your expertise, and please advise on any tips/tricks that could help me do my project.

Thanks

 
Posted : 01/02/2006 11:46 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

Ramo,
I wouldn't even attempt to run a honeywall on Windows. Sebek Server is not designed to run on a Windows box. And other OSS like snort, tethereal, p0f etc. run much better on a nix box, not to mention there is no firewall capable of data capture and control for a Windows box – unless you want to pay a lot of money.

The Roo CD which you are referring to is part of the Gen III honeynet design and it works rather well.

 
Posted : 02/02/2006 3:52 am
ramo
(@ramo)
Posts: 4
New Member
Topic starter
 

Thanks hogfly,

So if I implement the honeywall on Fedora, would it still be possible for me to install Sebek on a Windows machine (host)?
Please try to be as clear as possible, because this is all new for me and it's a big challenge.

Thanks in Advance.
Ramo

 
Posted : 02/02/2006 3:51 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

Ramo,

The Roo CD is a customized distribution of Fedora Core 3, so just pop in the CD and install, then configure it. I really suggest you spend the time reading the docs on the distribution. If you have the money, get Know Your Enemy: http://honeynet.org/book/index.html.

The honeywall will contain mechanisms for data capture and data control.

Iptables
Snort (in IDS and pcap mode)
Snort-inline
Tethereal
argus
sebek server and a host of other tools including the walleye interface (web interface for managing the honeywall).

Sebek clients can be installed on a number of platforms; Windows is one of them.

One thing to watch out for, and I've experienced this, is that Sebek on Windows tends to cause the system to blue screen and crash. There are bug reports on this, and the older version of the client did not do this to me (2.1.7), but I haven't heard anything about a fix.

 
Posted : 02/02/2006 7:59 pm
ramo
(@ramo)
Posts: 4
New Member
Topic starter
 

Thanks hogfly,

You're really helping me. One more thing: when I tried the bootable CD, the first message I got was that if I hit the enter key all data on the hard drive will be lost, so I thought I'd rather not mess with this and ask someone who knows about it before. So what do you recommend?

Ramo

 
Posted : 02/02/2006 9:14 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

That's a part of installing it, just like any other operating system. It needs to format the disk, hence the loss of the data currently on it.

 
Posted : 02/02/2006 9:51 pm
arashiryu
(@arashiryu)
Posts: 122
Estimable Member
 

Ramo,

Additional info that might help: http://www.securityfocus.com/infocus/1855

 
Posted : 02/02/2006 11:51 pm
ramo
(@ramo)
Posts: 4
New Member
Topic starter
 

Thanks hogfly, I got it wrong from the beginning. I thought that honeywall was just an application but it seems that it's an OS at the same time.

arashiryu, thank you for your link, but I've already had a look at this article on this site before I looked in SecurityFocus. I'm looking forward to part 2.

Thanks guys for your help

 
Posted : 03/02/2006 3:59 pm