
ESXI Virtualised Honeypot Final Year Project

netsec

Junior Member
Hi everyone,

This is my first post and I was wondering if anyone had the expertise to advise me on what I'm doing and the best way to go about it.

I've decided to design and implement a honeypot for a small-medium enterprise (SME) as my final year university project. The plan is to host 1/2 honeypots and an IDS/Firewall on a single machine running as ESXi instances - the specs of the machine are: 8gb RAM, 3ghz quad core cpu, 1TB HDD.

This will be hosted at my parents' house and administrated remotely by me over the internet. I plan on doing this either by a VPN with a Raspberry Pi as the VPN entrance point or an SSH tunnel. I then plan on port forwarding the necessary ports in order to be able to use vSphere remotely to configure the VMs. Do you think this should work?

Security-wise I plan on having a virtual firewall to supplement the crappy existing BTHomehub, and the honeypots and firewalls will need to be put in a DMZ so they don't have access to my LAN. Can I put more than one device in the DMZ by use of an ESXi virtual switch or by using a virtual firewall? The homehub will only allow me to put one device in the DMZ.

Please let me know your thoughts on this project and any suggestions you may have.

Thanks!
Jack😀
 
Hmm..

This is supposed to be your final year Project.

Not an Internet collaboration Project of IT Pros.



😎
 
Agreed with JackMDS on this one. Personally I'm not a big fan of putting honeypots anywhere near a corporate network.
 
So research. There's a difference between finding data that already exists and asking your own direct questions, hoping to shortcut. If you can't find something that's specific to your question, or it is shown to be extraordinarily unique, then that's another thing.

The question you need to ask yourself is do you think your plan for VPN access will work or not. Why or why not? Have you tried it?

A lot of school work is trial and error and experimentation, not proving whether something will work by asking someone else, that is, other than your teacher or professor.
 
To administer ESXi6 remotely, you only need to forward port 443. However, you will not be able to connect to the remote console without forwarding a ton of other ports. Generally doesn't work very well. My advice? Install a windows management VM that you can RDP to.

In regards to the rest, I ran a Windows 2000 webserver directly on the Internet without a firewall hosting about 200 websites for various local businesses for over 4 years and it was never once targeted for anything.

In contrast, I had several DoS attempts per day on the nameservers.

What, exactly, are you trying to find with this honeypot?
 
This necro is spam, but let me just say that connecting to a VM Remote Console now only requires ports 902 and 443. You can use the VMware Host Client for standalone hosts. So it's really not that big of a deal. I'm still all for a single locked down point of entry, but just saying it's not a "ton of other ports" any longer for 6.0 and up.
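A pre-flight check for the setup the original poster describes (remote management over a VPN or SSH tunnel, honeypots on a DMZ segment that must not see the LAN), using the two ports the reply above names for ESXi 6.0 and later. This is an added example, not code from anyone in the thread or from VMware; the addresses in it are constructed placeholders. Run the management check from the VPN client or tunnel endpoint, and the isolation check from inside a honeypot VM.

```python
"""Pre-flight checks for a remotely managed ESXi host with a honeypot DMZ.

Two checks, run from two different places:
  * mgmt   - from the management side (VPN client / SSH tunnel endpoint):
             do the ports the thread names for ESXi 6.0+ (443 for the Host
             Client / vSphere API, 902 for the remote console) answer?
  * dmz    - from inside a honeypot VM: can it reach anything on the home LAN?
             Every answer here is a leak in the virtual firewall / vSwitch setup.
All addresses below are constructed placeholders, not values from the thread.
"""
import socket
import sys

# Ports named in the thread for ESXi 6.0 and later.
ESXI_MGMT_PORTS = {443: "Host Client / vSphere API (HTTPS)", 902: "remote console"}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake completes; any socket error counts as closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_management_ports(esxi_host, probe=tcp_open):
    """Map each required management port to whether it answered on the host."""
    return {port: probe(esxi_host, port) for port in ESXI_MGMT_PORTS}


def check_dmz_isolation(lan_targets, probe=tcp_open):
    """From the honeypot side: return the (host, port) pairs on the LAN that answered.

    An empty list means the DMZ is isolated as intended."""
    return [(host, port) for host, port in lan_targets if probe(host, port)]


def findings(mgmt_results, leaks):
    """Turn raw probe results into a list of problems to fix (empty means all good)."""
    out = []
    for port, ok in mgmt_results.items():
        if not ok:
            out.append(f"port {port} ({ESXI_MGMT_PORTS[port]}) not reachable; "
                       "check the port forward and the VPN/tunnel route")
    for host, port in leaks:
        out.append(f"honeypot segment can reach LAN host {host}:{port}; "
                   "tighten the virtual firewall / vSwitch rules")
    return out


if __name__ == "__main__":
    # Constructed placeholder addresses; replace with your own.
    ESXI_HOST = "192.0.2.10"                                  # ESXi host as seen over the VPN
    LAN_TARGETS = [("192.168.1.1", 80), ("192.168.1.20", 445)]  # router admin page, a LAN file server
    mode = sys.argv[1] if len(sys.argv) > 1 else "mgmt"
    if mode == "mgmt":
        problems = findings(check_management_ports(ESXI_HOST), [])
    else:
        problems = findings({}, check_dmz_isolation(LAN_TARGETS))
    for line in problems or ["all checks passed"]:
        print(line)
```

The probe function is injectable so the logic can be exercised without a live host; in use, `python3 preflight.py mgmt` runs on the management side and `python3 preflight.py dmz` inside a honeypot guest. A timeout is treated the same as a refused connection, which is what you want for the isolation check: a silently dropped packet and an active reject both mean the LAN is not reachable.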
 
Keep in mind the web interface is the "official" way of managing hosts now. I've had a variety of issues and oddities trying to use the standalone client to manage 6.5 hosts.
 