1. Author

      I will look and write a review as suggested. Thanks!

  1. Hi,

    I’ve just encountered a rootkit security problem in my server.

    Can you suggest some tools for me? I know snort, honeyd and kippo, anything else?


    1. Author

      A rootkit can infect the OS down to kernel level. IMO the best way to get rid of a rootkit is to shut down the server and boot into another OS, like a live CD, then scan with anti-rootkit software available on the market. This IDS (Kippo/Honeyd) is not helping you much in solving your problem.

      1. Thanks, but I want to find “him”. Any ideas that can help?

  2. Hi

    I understand the concept, but what do you do when you have a honeypot running? Suppose an attacker enters your honeypot, then what? You’ll list their IP and get the hacker banned from your network?


    1. Author

      Eventually, it started when my boss did not believe that our network was still vulnerable after some major infra upgrade. I set up this honeypot to show him that the possibilities still exist. After 3 days, the honeypot captured 16 intruder IPs.

      1. Thank you so much. I asked you about it because I read the Twitter of an ISP which tells people they are using a honeypot to locate ranges of attacking IPs from China, and then they manage to ban all of these IPs. No explanation of how. But I’ve noticed this Twitter spoke about “honeypot”.

        Thanks again, nice blog!

        1. Yep… I’m from China. Chinese governments often do this but they never admit it. And the Great Firewall of China blocks us from browsing these sites.

          Can you tell me the Twitter location so I can take a look? Thanks.
