Honeypot on Amazon EC2

Viewing 10 reply threads
  • Author
    Posts
    • #6677
      Triban
      Participant

      Has anyone tried this and would it be against their TOS?  I would think it would be a grey area.  I would setup one of these outside of my home network rather than in it.  I don’t have the ability to segment in the home network… yet… but figure this might be the best solution if it is doable.

      Any thoughts or suggestions?

    • #41499
      cd1zz
      Participant

      I would contact the security group aws-security@amazon.com

      Also, here is some useful info: http://aws.amazon.com/security/

      However, the email group is actually pretty responsive so I would start there.

    • #41500
      Triban
      Participant

      Thanks cd1zz, I will see what they say.  No sense putting energy into it if they will just take it down or tell me to kill it.

    • #41501
      Triban
      Participant

      Follow-up, yep definitely against the TOS.  Ok plan B I guess capture the neighbor’s wifi and…  nevermind.  j/k.  Guess I may have to ramp up some networking at the house and segment.  I could just go shields up on everything but really don’t want to risk it.  I already have some entertainment devices that don’t seem all that secure and I would like to segment them off anyway.  Time to look for a new switch and possibly a router. 

    • #41502
      dynamik
      Participant

      Have you looked at a VPS (i.e. arpnetworks.com)?

      I’m not sure if they’d allow it, but it’s worth asking (and costs as low as $10/mo).

    • #41503
      Triban
      Participant

      I’ll take a look at them.  Though at this time I decided to put the extensive malware analysis on hold a bit.  I will work with what I get in the wild. I am refocusing more on my python skills since the two main goals I have now require me to be a bit stronger with the scripting. 

      Overalll it will lead back to malware analysis and maybe even open the doors to some reverse engineering in the future.  Man wish I went CS sometimes.  MIS seems to have been a hinderance since a majority of the skills taught in that major 10+ years ago were not so useful then and even less useful now.  Got a little jealous when I looked at the CS curriculum at my old university.

    • #41504
      ethicalhack3r
      Participant

      I was thinking the exact same thing and Google led me here. 🙂

      Even though it is against their TOS, how would they know you were hosting a honeypot?

      I’ve never used Amazon EC2 before so I’m not sure how it works.

      I guess they do some monitoring on the boxes traffic for malicious activity? Even if they did, with the amount of boxes they are hosting, would they have the time to take any action?

      (just thinking out loud and sorry to resurrect an old thread)

      Edit—

      I was thinking about using something like this;
      https://hub.turnkeylinux.org/

      Edit—

      TurnkeyLinux Hub doesn’t allow you to use the free 1 year micro server offered by Amazon and their registration process is ridiculous.

    • #41505
      Triban
      Participant

      I was thinking about that (running it anyway).  I suppose if you are running something like a web server then how would they know you are deliberately running a honeypot behind it?  Their free EC2 instance for linux is a bit hoaky though so navigating it to install apps and hunting down the appropriate log files is a bit more convoluted than what I am used to.  At this time I’ve put a hold on the little project until I can get some other items done. 

    • #41506
      Anonymous
      Participant

      cool idea however I would not do it epically as you have contacted them and they have told you its against there TOS.

    • #41507
      Triban
      Participant

      True Jamie, I can’t play dumb now since I did contact them.  No biggy, I have other things filling my time at the moment. 

    • #41508
      ethicalhack3r
      Participant

      I set-up a web server over the weekend.

      You can choose an official Ubuntu machine, type in the official Ubuntu user ID when doing a search for machines.

      The web server is just Apache with a htaccess file that contains modrewrite rules to reply with 200 responses instead of 404s.

      I’m just going to monitor the access logs from now and then. It might yield somethign interesting, it may not, hasn’t cost anything. 🙂

Viewing 10 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?