I\'ve been investigating to deploy a honeypot for research purpose, Honeyd seems

Question

I've been investigating to deploy a honeypot for research purpose, Honeyd seems like the most popular and adequate option to my needs, but it seems too old, the last version of this software was launched almost seven years ago (2007) and makes me think if it's still a good honeypot solution.

I would like to know if there are other solutions as Honeyd was in his time, or it's still the best option?, what are the new tendencies in Honeypot? and what are the most common ways to deploy a research Honeypot?.

I need to deploy a honeypot inside a network that is attacked, most common attacks are port scans, NETBIOS SMB-DS Session Setup, SNMP request, ICMP, etc. But there are more than 400 types of attack.

I would also like to integrate this honeypot with a currently deployed snort, for optimum data collection, what could be the best choice? or can i integrate different honeypot solutions?

Thanks ahead...

Explanation / Answer

There are a lot of options in this regard. If honeyd is the wa you are swinging let me say I'm a big fan of the NOVA project - it uses honeyd as a base and provides an easy to use web UI as well as data correlation facilities.

See novaproject.org for the official home page.

The Nova Project is open source. See the github page for the source and instructions for installing.

If you want something precompiled ADHD is an option.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.