Anyone ever tried this?

Discussion in 'Networks' started by zebulebu, Jan 2, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    Just for giggles yesterday I ran my WAN traffic from my modem through a hub before it reached my firewall so that I could connect a box outside and sniff some traffic (I plan to include it in the much-delayed final part of my Ethereal/Wireshark tutorial) from the 'unsanitised' Internet.

    It worked fine - I got loads of juicy messenger spam & 1433/143 probes amongst the rest of the usual background noise - and I'm thinking of hardening the box and leaving it on there, just to see what flies I can attract.

    It's not exactly a honeynet, I know, but it might be interesting to see the actual packets that get blocked by my firewall...

    Anyone ever tried this and have any suggestions for what OS to put on the box? I'm 90% certain it'll be some stripped down flavour of Linux, but it might be a perfect time for me to learn FreeBSD - as I understand you can configure that down to the real barebones - all it needs to run is the absolute basic OS and Wireshark, so it should be (relatively - especially for someone with no experience of it) easy to set up.

    Anyone have any thoughts?
     
    Certifications: A few
    WIP: None - f*** 'em
  2. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    The Darknet Project is the place to start - an excellent introduction to creating a passive, invisible packet vacuum. At work we have a good sized block of unused IPs which make an excellent darknet.

    http://www.cymru.com/Darknet/index.html

    A home darknet is not ideal, since the IP is used for legitimate traffic, but it is very interesting to see what is blocked.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER, MCP
    WIP: CCIE
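As an added example (not code from this thread, from the Darknet Project or from Wireshark), here is a small Python script for the "what flies can I attract" question in the first post and the passive darknet idea above: it reads a classic pcap file, the format a sniffing box between modem and firewall would save, and tallies inbound TCP SYN-only packets by destination port and source address, so the 1433/143 background noise can be counted rather than eyeballed. The capture embedded below is constructed inline with RFC 5737 test addresses so the script runs offline; all names and the `SAMPLE_PCAP` contents are assumptions.

```python
import struct
from collections import Counter

def _tcp_syn_frame(src_ip, dst_ip, dport):
    """Build one Ethernet/IPv4/TCP SYN frame (checksums left zero; fine for a parser test)."""
    eth = b"\x00" * 12 + b"\x08\x00"            # MAC placeholders + EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

# Constructed sample capture (RFC 5737 test addresses): three unsolicited SYNs of the
# 1433/143 kind a sensor outside the firewall sees. Little-endian pcap, LINKTYPE_ETHERNET.
_FRAMES = [_tcp_syn_frame(src, "198.51.100.10", port)
           for src, port in [("203.0.113.7", 1433), ("203.0.113.7", 143), ("203.0.113.9", 1433)]]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in _FRAMES)  # per-record headers

def syn_probes(pcap_bytes):
    """Tally TCP SYN-only packets (new connection attempts) by dst port and src IP."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    by_port, by_source = Counter(), Counter()
    offset = 24                                    # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 14:
            continue                               # not TCP, or truncated header
        tcp = frame[14 + ihl:]
        flags = tcp[13]
        if (flags & 0x12) == 0x02:                 # SYN set, ACK clear: a fresh probe
            dport = struct.unpack("!H", tcp[2:4])[0]
            by_port[dport] += 1
            by_source[".".join(map(str, frame[26:30]))] += 1
    return by_port, by_source

if __name__ == "__main__":
    ports, sources = syn_probes(SAMPLE_PCAP)
    for port, n in ports.most_common():
        print(f"port {port}: {n} SYN probe(s)")
    for src, n in sources.most_common():
        print(f"{src}: {n}")
```

On a real capture, pass the file's bytes (`open("wan.pcap", "rb").read()`) to `syn_probes`; the per-port counts are the part worth keeping over time, since a new port climbing the list is usually a new worm or scanner doing the rounds.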
  3. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    As far as I can see there isn't much to choose between FreeBSD and a non-X11 Linux distro like Debian. Both can be pared down to the bone on resources.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
