[Honeywall] 4-5 Computers Honeynet Setup

JT tyra0002 at umn.edu
Thu Jun 25 19:38:40 EDT 2009


Well without knowing more info I would install roo to the most powerful machine (must have 3 network cards) and place windows on the rest. Then infect the windows with malware of your choice. VMs add un-needed complexity in my opinion.

Each windows machine has a separate public IP, but the connections are physically routed through the roo computer, via a switch.

The big managed switch that hooks us to the net has been configured to forward multiple ips to 1 physical port (one hooked to roo). Roo has bridging setup by default so all traffic flows correctly.

So roo is inserted in series (EE term) to both ends of the connection. It can snort-inline data and rate limit via tc.


This is the exact setup we are running.
(I skipped some details, if you want more info just ask. Roo has a very very steep learning curve.)

-James

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: r00t <r00t at ellicit.org>

Date: Thu, 25 Jun 2009 13:15:31 
To: Mailing list for users and developers of the Honeywall<honeywall at public.honeynet.org>
Subject: [Honeywall] 4-5 Computers Honeynet Setup


_______________________________________________
Honeywall mailing list
Honeywall at public.honeynet.org
https://public.honeynet.org/mailman/listinfo/honeywall



More information about the Honeywall mailing list