Archive for the 'IT' Category, Page 2 of 2

Setup a host with virtual server

I have mentioned how I use Microsoft’s Virtual Server to create hosts for different projects. So I thought I would write a how-to showing how to get Virtual Server up and running. I took screenshots of the whole process and describe some useful features that I use. There are several different virtualization products, but I think the Virtual Server is one of the better ones. It is also free.
First download Virtual Server from Microsoft’s web site.

Run a Low-Interaction Honeypot with HoneyBot

A honeypot is a computer system that is designed with the intent to catch hackers. It is positioned in a network in a spot where it is a good target for hackers. Honeypots can be used to detect malicious activity on a network or to prevent hackers from hacking a network by being a decoy. Honeypots are also frequently used for research to detect and analyze new worms and attacks. There are two basic categories of honeypots, high-interaction and low-interaction. A high-interaction honeypot is a system that is designed to be completely compromised. A low-interaction honeypot is a system that simulates different parts of a network system. In this article, we are going to build a low-interaction honeypot with the Windows program HoneyBot.

HoneyBot is a downloadable Windows program that opens over 1200 TCP and UDP ports and simulates common services on them. It then captures all packet traffic to these ports and logs the packets and IP addresses. It is able to simulate some basic services by replying on certain ports. It is also able to capture worms and trojans by saving them to a folder. It is an easy-to-use program that is a good choice for getting your feet wet with honeypots.


Network Layouts for IP Sniffing

I’ve always known how to do basic IP sniffing, but with all the recent news focus on the data mining of the NSA and AT&T, I decided to do a little research and dig into IP sniffing. Obviously the NSA uses some pretty sophisticated software and hardware to handle all the IP data that they collect, but there are plenty of open source tools that will do pretty much the same stuff for a smaller network.

The best program for packet capture and analysis is Ethereal. It captures packets and displays them in a nice GUI. It can also save the packets to a file, and open and process captured packet files. It has the ability to process the packets by applying filters. For example, you could filter out all ARP traffic, or only capture HTTP. Ethereal also allows you to filter by TCP stream. It can display the data portions of the packets in a stream in the order they arrived. In this way, you could reconstruct an HTML page or an SMTP email. However, the purpose of this article is not to be a guide on Ethereal, but to show you how to arrange your network to sniff your internet connection and capture all packets coming and going across your internet pipe.

There are many reasons you might want to sniff your internet connection, or even to capture and record all packets that are passing through. One reason is that it is a fascinating and great way to learn about networks and how packets flow through the network. Another reason could be to find and defeat a hacking attack or malware. You could also monitor your network to determine what users are doing and watch them (like the NSA).

Lessons learned from IT this week

I’ve had a very busy last few weeks, working on some different projects at work, and finishing up finals for my night classes. I’ve learned several interesting things in the past two weeks at my job.

The first thing that I learned was that Dell support people will bug you until you fix your computer. A hard drive went bad in one of our production servers. So I called Dell Gold support (which thankfully has American techs) to get a replacement. After a lot of discussion, the tech told me to run a firmware update which would fix the issue. So I had to explain to him that it was a production server, and to do the fix he wanted would require me to schedule downtime and then go into the hosted environment on a Saturday and perform the fix.