Abstract
The main objective of this work is to present our preliminary experience in simulating a virtual distributed honeynet environment at King Fahd University of Petroleum and Minerals (KFUPM) using the Honeywall CDROM [1], Snort, Sebek and Tcpreplay [3] tools. In our honeynet design, we utilized the Honeywall CDROM to act as a centralized logging center for our distributed high-interaction honeypots. All honeypot servers, as well as the Honeywall CDROM itself, were built on top of a virtualized VMware environment, while their logs were forwarded to the centralized server.
References
1. The Honeywall CDROM, https://projects.honeynet.org/honeywall/
2. Argus: The Network Activity Auditing Tool, http://www.qosient.com/argus
3. TCPreplay, http://tcpreplay.synfin.net/
4. WireShark, http://www.wireshark.org/
5. Le Blond, S., Legout, A., Dabbous, W.: Reducing BitTorrent Traffic at the Internet Scale. A Presentation at the Internet Research Task Force, IRTF (March 2010)
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sqalli, M., AlShaikh, R., Ahmed, E. (2010). A Distributed Honeynet at KFUPM: A Case Study. In: Jha, S., Sommer, R., Kreibich, C. (eds) Recent Advances in Intrusion Detection. RAID 2010. Lecture Notes in Computer Science, vol 6307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15512-3_26
DOI: https://doi.org/10.1007/978-3-642-15512-3_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15511-6
Online ISBN: 978-3-642-15512-3
eBook Packages: Computer Science (R0)