RE: [Honeywall] SEBEK SERVER & TRIPWIRE Configuration - PLEASEHELP!!!!!!!!!!!
esammons at hush.com
Mon Jul 28 19:20:59 EDT 2008
On Mon, 28 Jul 2008 16:08:58 -0400 "Jefferson, Shawn"
<Shawn.Jefferson at bcferries.com> wrote:
>As for the other question, you definitely want outbound
>communication on for your honeypots.
I argue that this is a very distinct choice to make based on what
you are after. If you just want to set up something you never
really have to worry about being used as a launch point as soon as
it's owned (something you are unable to watch closely) then turn on
"Roach Motel" mode (nothing allowed to originate from a pot) and
let it run.
That said, obviously the joy is *very* limited with no outbound.
>If you go through the interview setup it secures the Honeywall
>pretty well (IMO), the only thing additional I did on my
>system was add some entries to the fencelist (since I had some
>production systems I don't want the Honeypot to touch at all.)
Excellent! Exactly what the fencelist was designed for.
>It might be a better idea to post your Honeywall config to the
>that others who have more experience with Honeywall can take a
Suggest you omit the admin IP unless it's NAT-ed or you don't care
about publishing it.
>but you may have to rebuild it (I had to, since I've made many
>changes since I originally went through the interview setup).
>You can rebuild that file by going to
>Honeywall Administration->Manage configuration subsystem->Create
>/etc/honeywall.conf from /hw/conf files in the menu program.
Nothing wrong with that method... can also be done by:
Does the same thing without the dialog front-end, unless I'm
dropping packets.... courtesy of Dave Dittrich :)