Re: Commercial Honeypots for Windows?



"Bogwitch" <Bogwitch@xxxxxxxxxxxxxxxxxxx> wrote in message
news:zE9vh.81498$n36.74261@xxxxxxxxxxxxxxxxxxxxxxx
Will wrote:
Does any vendor make a commercial Honeypot for Windows, or one that emulates
Windows 2000? I have a trojan on a DMZ that is spreading itself by SMB to
other machines, and I want to see in detail what files it is grabbing and
replacing. I can of course configure a Windows 2000 host and then use
Sysinternals tools to get the same information, but it's more work than I
want, and I am hoping to find a commercial tool that would save time.

I saw a lot of freeware research tools, but they all looked like they would
take as much time to learn and install and make work as doing things the
hard way using Sysinternals.

If you can't be bothered to run up a few Sysinternals tools, then
analysing honeypot information would be of little use to you. That said,
I don't know much^wanything about commercial honeypots. I would imagine
they will take as much effort to sort out as the freeware tools.

It's not running them that takes time. It's configuring the filters to
exclude the things that don't matter that takes time. And writing down the
results so you have a clear track of what happened. And coordinating the
inputs of file system, registry, user logins, etc...

It would surely be much easier to have the honeypot summarize all activity
against the system from a single source, in a single log.

--
Will

