______________________________________________________________________________
HONEYNET/HONEYPOT PROJECT
______________________________________________________________________________

Meeting: 3/30/06 7:00pm, ITL
Attendees: Todd, Wenjin, Patty, Cyrus, Creigh
Meeting Duration: Approx. 2 hours

______________________________________________________________________________
Accomplishments:
______________________________________________________________________________

1) Tried setting up a honeypot VMware virtual machine guest on an old COSI
   computer and on another, slower computer.
   - Found out that these computers are too slow to run a guest effectively.
   - Not enough RAM, and the CPU is too slow.

2) Found out a Snort default configuration parameter: the "-A full" command
   line option (full alert output mode) is the default.

3) To detect a port scan, we ran this command:

   snort -i 7 -h 128.153.144.0/24 -l c:\snort\log -c c:\snort\etc\snort.conf

4) We have a first attack (port scan) that was captured by Snort. See the main
   webpage to download the .cap Ethereal trace file. Creigh ran nmap to scan
   Todd's computer:

   nmap -sT -PT 128.153.144.218

5) Downloaded Filemon for Windows and ran it.

______________________________________________________________________________
TO-DO List:
______________________________________________________________________________

1) Look into running Snort, Tripwire, and Tethereal on Linux and having them
   monitor a Windows host.

______________________________________________________________________________
References:
______________________________________________________________________________

1) http://en.wikipedia.org/wiki/List_of_well-known_ports_(computing)
2) http://www.jsifaq.com/SUBN/tip6600/rh6691.htm
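Added example (editor's note, not code from the meeting notes, from Snort or from nmap): items 3 and 4 above run Snort against a connect scan ("nmap -sT") of 128.153.144.218. Snort only reports scans when its portscan preprocessor is enabled in snort.conf, and the detection idea behind that preprocessor is simple enough to show directly: count the distinct destination ports one source touches on one host inside a short time window and alert when the count crosses a threshold. The script below implements that sliding-window check in Python over a constructed list of connection attempts that mimics what the nmap scan looks like on the wire (one SYN per target port from a single source, milliseconds apart, mixed with ordinary traffic). The scanner address 128.153.144.200, the threshold of 10 ports and the 5-second window are assumptions chosen for the example, not Snort's defaults.

```python
"""Sliding-window port-scan detector over connection-attempt records.

Added example, not code from the honeynet project or from Snort. The
logic is the idea Snort's portscan preprocessor applies, reduced to a few
lines so the threshold and window are visible.
"""
from collections import defaultdict, deque

# Detection policy (assumed values for this example, not Snort defaults):
# flag a source that touches at least PORT_THRESHOLD distinct ports on one
# target within WINDOW_SECONDS.
PORT_THRESHOLD = 10
WINDOW_SECONDS = 5.0

# Constructed sample traffic: (timestamp, src_ip, dst_ip, dst_port, tcp_flags).
# Timestamps are seconds from the start of the capture. The scanner address
# is assumed; the target is the host scanned in the meeting notes.
SCAN_SRC = "128.153.144.200"
SCAN_DST = "128.153.144.218"
SAMPLE_EVENTS = [
    (0.10, "128.153.144.50", SCAN_DST, 80, "S"),    # normal web request
    (0.30, "128.153.144.51", SCAN_DST, 445, "S"),   # normal SMB connection
] + [
    # connect scan: one SYN per well-known port, about 20 ms apart
    (1.00 + 0.02 * i, SCAN_SRC, SCAN_DST, port, "S")
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
] + [
    (9.00, "128.153.144.50", SCAN_DST, 80, "S"),    # later normal traffic
]


def detect_port_scans(events, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Return a list of (src_ip, dst_ip, first_ts, ports) alerts.

    Only SYN-only packets count as connection attempts (a connect scan also
    produces ACKs and RSTs, which are ignored). A (source, target) pair is
    reported once, the first time its distinct-port count inside the window
    reaches the threshold; first_ts is the oldest attempt still in the window.
    """
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port) in window
    alerted = set()
    alerts = []
    for ts, src, dst, dport, flags in sorted(events):
        if flags != "S":
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        # drop attempts that have aged out of the window
        while q and ts - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((src, dst, q[0][0], sorted(ports)))
    return alerts


def format_alert(alert):
    """Render one alert as a single log line."""
    src, dst, first_ts, ports = alert
    return (f"[portscan] {src} -> {dst}: {len(ports)} distinct ports "
            f"starting at t={first_ts:.2f}s: {ports}")


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_EVENTS):
        print(format_alert(a))
```

On the sample data the two ordinary hosts never alert (one of them reconnects to port 80 twice, but that is one distinct port), while the scanner is reported as soon as its tenth port is touched, about 180 ms into the scan. Lowering the threshold or widening the window makes the detector more sensitive but also catches legitimate clients that open several services on one server in quick succession, which is exactly the tuning trade-off a portscan preprocessor presents.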