Commercial Honeypots for Windows?

Posted by Will on January 28, 2007, 3:18 pm
Does any vendor make a commercial Honeypot for Windows, or one that emulates
Windows 2000? I have a trojan on a DMZ that is spreading itself by SMB to
other machines, and I want to see in detail what files it is grabbing and
replacing. I can of course configure a Windows 2000 host and then use
Sysinternals tools to get the same information, but it's more work than I
want, and I am hoping to find a commercial tool that would save time.

I saw a lot of freeware research tools, but they all looked like they would
take as much time to learn and install and make work as doing things the
hard way using Sysinternals.

--
Will



Posted by Bogwitch on January 28, 2007, 5:41 pm
Will wrote:
> Does any vendor make a commercial Honeypot for Windows, or one that emulates
> Windows 2000? I have a trojan on a DMZ that is spreading itself by SMB to
> other machines, and I want to see in detail what files it is grabbing and
> replacing. I can of course configure a Windows 2000 host and then use
> Sysinternals tools to get the same information, but it's more work than I
> want, and I am hoping to find a commercial tool that would save time.
>
> I saw a lot of freeware research tools, but they all looked like they would
> take as much time to learn and install and make work as doing things the
> hard way using Sysinternals.
>

If you can't be bothered to run up a few Sysinternals tools, then
analysing honeypot information would be of little use to you. That said,
I don't know much^wanything about commercial honeypots. I would imagine
they will take as much effort to sort out as the freeware tools.

It might be simpler to use a virtual machine or two and investigate it
that way. Since you're confident with Sysinternals stuff (I guess), you
could simplify the process with InCtrl5.

HTH,

Bogwitch.

Posted by Will on January 28, 2007, 6:21 pm
> Will wrote:
> > Does any vendor make a commercial Honeypot for Windows, or one that emulates
> > Windows 2000? I have a trojan on a DMZ that is spreading itself by SMB to
> > other machines, and I want to see in detail what files it is grabbing and
> > replacing. I can of course configure a Windows 2000 host and then use
> > Sysinternals tools to get the same information, but it's more work than I
> > want, and I am hoping to find a commercial tool that would save time.
> >
> > I saw a lot of freeware research tools, but they all looked like they would
> > take as much time to learn and install and make work as doing things the
> > hard way using Sysinternals.
>
> If you can't be bothered to run up a few Sysinternals tools, then
> analysing honeypot information would be of little use to you. That said,
> I don't know much^wanything about commercial honeypots. I would imagine
> they will take as much effort to sort out as the freeware tools.

It's not running them that takes time. It's configuring the filters to
exclude the things that don't matter that takes time. And writing down the
results so you have a clear track of what happened. And coordinating the
inputs of file system, registry, user logins, etc...

It would surely be much easier to have the honeypot summarize all activity
against the system from a single source, in a single log.

--
Will



Posted by Engel on January 28, 2007, 5:42 pm
Hello Will,


Read about Specter
http://www.securityfocus.com/infocus/1683

"Will" wrote:

> Does any vendor make a commercial Honeypot for Windows, or one that emulates
> Windows 2000? I have a trojan on a DMZ that is spreading itself by SMB to
> other machines, and I want to see in detail what files it is grabbing and
> replacing. I can of course configure a Windows 2000 host and then use
> Sysinternals tools to get the same information, but it's more work than I
> want, and I am hoping to find a commercial tool that would save time.
>
> I saw a lot of freeware research tools, but they all looked like they would
> take as much time to learn and install and make work as doing things the
> hard way using Sysinternals.
>
> --
> Will
>
>
>
