Comments on 5x5 security: Honeypot Design
@charleypfaff

jbc22 (2012-11-14T04:50:47.828-08:00):
E-mail the security-onion mailing list (http://code.google.com/p/security-onion/wiki/MailingLists) with the output of "sostat" and we can have a look. I'd be happy to continue the discussion there.

Anonymous (2012-11-13T22:55:16.951-08:00):
Thanks for the quick answer, Brett. I have been struggling for 2 solid weeks (and many, many installs, both in VMs and on metal) trying to install OpenFPC in Security Onion. I am using Ubuntu 12.04 both as host and guest, so it's all open source. Bridging the network and installing Security Onion is relatively easy and well documented, but installing OpenFPC (for full packet capture) is the bottleneck for me (I keep getting an error saying I have a duplicate node configured, even immediately after I change the node name in the config file (and there's only one config file in /etc/openfpc/)). I'd be happy to share a ready-built appliance to spare others this hassle, if only I could successfully configure OpenFPC. I had planned a separate honeypot VM with tools for forensics and reverse engineering malware, so your project looked like a great integration. I have found 3 separate but similar installation documents (4 if you count the readme file), and I get the same error with each, and I can't find anything relevant when I Google "openfpc duplicate node". I'm stumped. I'll try yet another install.

I'll let you know if I end up with anything to share with your 'nix readers. If you can think of anything, I won't be the only one to benefit from your help.

jbc22 (2012-11-13T07:05:10.665-08:00):
Rex, Thanks. I definitely would like to share, though it's Windows XP and I don't think the licensing allows for that.

That part of the honeypot was the easiest. Use a base Windows XP image, install some FTP software with a weak username/password and allow RDP in.

Configuring Security Onion was the more time-consuming task, though it still did not take long. If you run into any snags, let me know and I'd be willing to help. Also - let me know if you find anything interesting!

Anonymous (2012-11-12T20:58:08.426-08:00):
Nice work! Is the current version of your honeypot based on the 10.04 or the 14.04 version of Security Onion? Would you consider making your VirtualBox appliance available for download (to spare us the heavy lifting you have already done to configure everything)?