HoneyWall implementation on Windows OS

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
  

ramo
Newbie
 

HoneyWall implementation on Windows OS

Posted: Feb 02, 06 00:46

Dear all,

I'm about to start my dissertation which treats network forensics using open source tools.

I looked around for suitable open source software to help me achieve my work and found an interesting one called HoneyWall based on the honeynet project (http://www.honeynet.org/misc/project.html).

I tried to read through the documentation provided but couldn't find anything that shows how to implement the honeynet on a Windows OS. The only option given is a bootable CD-ROM that could be downloaded from the site, but that is Fedora-based.
Please enlighten me with your expertise, and please advise on any tips/tricks that could help me do my project.

Thanks  
 
  

hogfly
Senior Member
 

Re: HoneyWall implementation on Windows OS

Posted: Feb 02, 06 04:52

Ramo,
I wouldn't even attempt to run a honeywall on Windows. Sebek Server is not designed to run on a Windows box. And other OSS like snort, tethereal, p0f etc. run much better on a nix box, not to mention there is no firewall capable of data capture and control for a Windows box -- unless you want to pay a lot of money.

The Roo CD which you are referring to is part of the Gen III honeynet design and it works rather well.  
 
  

ramo
Newbie
 

Re: HoneyWall implementation on Windows OS

Posted: Feb 02, 06 16:51

Thanks hogfly,

So if I implement the honeywall on Fedora, would it still be possible for me to install Sebek on a Windows machine (host)?
Please try to be as clear as possible, because this is all new for me and it's a big challenge.

Thanks in Advance.
Ramo  
 
  

hogfly
Senior Member
 

Re: HoneyWall implementation on Windows OS

Posted: Feb 02, 06 20:59

Ramo,

The Roo CD is a customized distribution of Fedora Core 3, so just pop in the CD and install, then configure it. I really suggest you spend the time reading the docs on the distribution. If you have the money, get Know Your Enemy (honeynet.org/book/index.html).

The honeywall will contain mechanisms for data capture and data control.

Iptables
Snort (in IDS and pcap mode)
Snort-inline
Tethereal
argus
sebek server and a host of other tools including the walleye interface (web interface for managing the honeywall).

Sebek clients can be installed on a number of platforms - Windows is one of them.

One thing to watch out for, and I've experienced this, is that Sebek on Windows tends to cause the system to blue screen and crash. There are bug reports on this, and the older version of the client did not do this to me (2.1.7), but I haven't heard anything about a fix.
 
  

ramo
Newbie
 

Re: HoneyWall implementation on Windows OS

Posted: Feb 02, 06 22:14

Thanks hogfly,

You're really helping me. One more thing: when I tried the bootable CD, the first message I got was that if I hit the Enter key all data on the hard drive will be lost, so I thought I'd rather not mess with this and ask someone who knows about it before. So what do you recommend?


Ramo  
 
  

hogfly
Senior Member
 

Re: HoneyWall implementation on Windows OS

Posted: Feb 02, 06 22:51

That's a part of installing it, just like any other operating system. It needs to format the disk, hence the loss of the data currently on it.  
 
  

arashiryu
Senior Member
 

Re: HoneyWall implementation on Windows OS

Posted: Feb 03, 06 00:51

Ramo,

Additional info that might help: www.securityfocus.com/infocus/1855
 
