I have this "friend"...
that seems to know a ton of stuff about fishin' but get him in the water and the dude can catch only trees and weeds. I think it was Sun Tzu that said, "You ain't gonna learn it all just in nim there books, boy" or maybe it was my cousin Sonny; either way, there's a whoooooole bunch of truth there (once you get past the stale beer and Skoal breath). Eventually, you have to get in the field and make it happen. While this is a great idea in many areas of networking (routing, switching, data center, etc.), for us security type people, folks sure do get mad when you hack into their networks without asking first. (some people...)
Our practice is more reactive. Makes sense when you consider the books are further behind than Michael Waltrip at Bristol. The real knowledge is just on the other side of our routers...the Dark side of the Internet...
In the Navy we had a term for training: Aces teaching Aces. That basically means no one is a career trainer. Folks come in from the field to train and then they go back. Fresh and practical knowledge, not a bunch of "how it should work" from folks that do not have a clue. Same thing with security, with a digital twist: you bring the hacker to you.
You do this with baiting. That bait is called a honeypot. I just got done testing the latest Nepenthes ISO located at:
http://www.dalmatech.com/downloads/Nepenthes.20.zip
This is a 520Meg ISO image that runs as a VMware appliance. It works very well for some serious malware collection. I run a large global DarkNet sensor and report the results via Twitter (jimmyray_purser). I placed this image in the sensornet for a test and I was surprised at the accuracy for common malware and variants.
This is a very nice and fast way to learn the art of honeypotting by starting out with the most common threat today. I highly recommend that you use this as a tool to become a stronger security professional and grow the skill more and more. Be prepared to be very surprised at what...and who you will find!
Jimmy Ray Purser
Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.
Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a Master of Science degree in electrical engineering.
Thank you!
I have been looking for resources to get into honeypotting. Great blog post! I just started following you on twitter as well.
Jim Francis
I like the web interface to this ISO. This is one of my new top blogs. I am glad you are blogging for Network World. Hey Jimmy Ray, we still use some of the networking troubleshooting guides you wrote up in the Navy.
Thank you Jimmy good
Thank you Jimmy good works.