[Snort-users] inside or outside
Keith.McCammon at ...3497...
Fri Jul 19 13:39:06 EDT 2002
> I've considered setting up a honeypot but not before I learn
> alot more than
> what I know now. It's a tremendous responsibility considering
> if not setup
> properly could backfire.
Very good idea to wait. When set up properly, they can be valuable tools. When done hastily, they usually just cause trouble.
> For now, though, what I plan on doing is punching a hole through the
> firewall to a common port like portmapper (111) then placing
> something on
> it that'll allow the port to appear open like running nc -l
> -p 111 -v along
> with snort and seeing what I capture.
This will get you started. However, you're only going to be able to examine stimulus. Still, as you mentioned, you can get started with something like this until you feel comfortable working on a live/test network.
More information about the Snort-users