LinuxQuestions.org
03-29-2006, 02:40 AM   #1
true_atlantis
Member
 
Registered: Oct 2003
Distribution: fedora cor 5 x86_64
Posts: 639

Rep: Reputation: 30
honeynet question


So I'm trying to set up a honeynet separate from my home LAN. I'm using roo from www.honeynet.org and am trying to figure something out. I have it set up so I have my modem connected to a hub, then from the hub going to my honeypot and the other port on the hub going to my home wireless router. In reading on honeynet.org I see this:

* eth0 is the "Internet" or outside Interface
* eth1 is the LAN interface (Honeypot side)
* eth2 is the Management interface
* br0 is the virtual bridge interface (eth0 + eth1)

What exactly does this mean? Are all in and outgoing connections going through eth0, and do I need to add another computer to eth1 with services on it? I'm not sure I completely understand how they are expecting this to be set up. Do I need to set up a gateway? What's the deal? Thanks
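
The interface roles in the list above, wired up as a layer-2 bridge. This is an added example, not part of the original post and not the Honeywall CD's own setup code; it assumes the iproute2 `ip` tool, and the management address is a constructed documentation value.

```shell
#!/bin/sh
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

OUTSIDE_IF="eth0"          # "Internet" / outside interface (from the list)
HONEYPOT_IF="eth1"         # honeypot-side LAN interface (from the list)
MGMT_IF="eth2"             # management interface (from the list)
BRIDGE_IF="br0"            # virtual bridge, eth0 + eth1 (from the list)
MGMT_ADDR="192.0.2.10/24"  # constructed address (assumption, not from the page)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

build_honeywall_bridge() {
    run ip link add name "$BRIDGE_IF" type bridge
    for ifc in "$OUTSIDE_IF" "$HONEYPOT_IF"; do
        # Bridge ports carry no IP address: frames between the outside
        # and the honeypots are forwarded at layer 2 through br0.
        run ip addr flush dev "$ifc"
        run ip link set "$ifc" master "$BRIDGE_IF"
        run ip link set "$ifc" up
    done
    run ip link set "$BRIDGE_IF" up
    # Only the management interface is given an address.
    run ip addr add "$MGMT_ADDR" dev "$MGMT_IF"
    run ip link set "$MGMT_IF" up
}

# Number of interfaces in the plan that receive an IP address.
addressed_interfaces() {
    DRY_RUN=1 build_honeywall_bridge | grep -c '^ip addr add '
}

build_honeywall_bridge
```

In this layout the honeypot machines plug into the eth1 side, and all traffic between them and the outside crosses br0, which is the point where it can be inspected or dropped.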
 
03-30-2006, 05:51 AM   #2
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
So you're trying to set up a network that is DESIGNED to be used so that ANYONE can detect and attack it, alongside your own home network? And you're not even sure of the naming of the interfaces and their functions or how to set it up?

<quote>What exactly does this mean? Are all in and outgoing connections going through eth0, and do I need to add another computer to eth1 with services on it? I'm not sure I completely understand how they are expecting this to be set up. Do I need to set up a gateway? What's the deal? Thanks</quote>

Okay... is it not time to rethink this then?

I set up Linux and Windows networks, build my own firewall/gateway machines and wireless networks FOR A LIVING and despite my confidence in my ability to secure such networks, there is no way I would ever INVITE people to try to attack any part of my network or to create networks for them to attack, whether that was for monitoring purposes or not.

I'm paranoid enough that I don't use wireless at home (unless the only access across the wireless link is via authenticated public key SSH2). I absolutely cannot fathom why you would want to do this at all, especially if there's any possibility that you are uncertain as to how it should be set up. If you get it even slightly wrong, they could easily get inside your home computer and do whatever they wanted.

Go away and think about it for just five minutes before you try to install anything even resembling this.
 
03-30-2006, 03:20 PM   #3
true_atlantis
Member
 
Registered: Oct 2003
Distribution: fedora cor 5 x86_64
Posts: 639

Original Poster
Rep: Reputation: 30
I do not think I need to rethink this. My question was specific to how the honeynet.org CD was set up to be used. I don't know how much you have read about it, but it has snort-inline pre-installed, so I could make it so it would drop packets immediately, so nothing could get to my home network. The reason I want it alongside my home network is because it is a lot cheaper to split one internet connection into 2 IPs via a hub than pay for a whole new high-speed connection. The honeypot is set up so that any access to it would be considered an intrusion, with direct email to my phone; I will be able to see these things immediately. I'm not very paranoid about security issues because I know that if any of my machines got compromised I am positive that I would be able to recognize it and be able to recover in a timely manner.

Now, I appreciate your concern with my decision to set up a honeynet, but do you have an answer to my question?

Thanks
 
  

