honeypot needed for waf testing

Discussion:

false

2010-08-23 15:21:29 UTC

I need to test my WAF. I want to set up a simple network in the lab like this:
XP or Linux client <--> WAF <--> Honeypot/test webserver

1) Does anyone have any suggestions on what I can use to simulate/generate attacks/suspicous traffic towards the weberver from my client?

2) Is there a honeypot image out there that I can download that would be good to be the role of my test
webserver?

Any suggestions or ideas are very much appreciated.

V***@vt.edu

2010-08-24 05:30:23 UTC

Permalink

Post by false
XP or Linux client <--> WAF <--> Honeypot/test webserver
1) Does anyone have any suggestions on what I can use to simulate/generate
attacks/suspicous traffic towards the weberver from my client?

There's tools to do specifically that. However, you probably already have many
of the tools you need - just point stuff like nmap and nessus at your honeypot
and see if your WAF notices. If it doesn't notice you doing the nmap, it won't
notice an attacker doing the nmap. If you have hping3, try sending a few
christmas-tree packets at your honeypot, see what happens. Get a copy of
metasploit and point it at the honeypot. And so on. Pretty much any auditing
tool you have can also be used as an attack tool.

Mayank.2.Bhatnagar

2010-09-29 11:38:41 UTC

Permalink

Hi all,

This is in reference to some experiments and on going work on PE header analysis of binaries to identify whether a binary is malicious or non-malicious.

It is made out that looking at PE header itself, one can make out that the captured binaries are suspicious, malicious or not.

What do you feel is the practicality of results achieved? Did anyone reach any prominent practical result, which could be achievable in real time?

Looking forward for some views..... :-)

Regards,
Mayank