So I built a firewall, and it was fun watching the denied traffic. Then I added portsentry to have a little more fun with the SSH and Telnet ports. Now I want to see what these people plan on doing if they get access to my server.
I decided to build a honey pot, or honey net. I'm planning on building a Xen server and using the virtual guest (or DomU, I guess) as the sacrifice. I'm still in the server-building phase and I'm using JeOS (Just Enough OS) [http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos]; however, I wonder if just a nice minimal Debian build would have been better.
I want to find out if I can build a kind of snapshot Xen guest. One that, every time I reboot it, will return to its pristine state so that no matter how much a script kiddie horks the virtual machine, it will always return to a fresh usable state. If the virtual environment doesn't work, I'll have to build a custom live CD. Then I can just keep rebooting clean.
I'd also like to try this with OpenSolaris [http://opensolaris.org/os/] with containers. Maybe I'll try this with all three methods and report the results.
Thursday, September 18, 2008