As is typical of most SANS GIAC papers, the writing and layout are a bit rough at times, but I really dig the amount of information Justin presents about beginning honeypotting. I won’t litter this post with links, since the paper is filled with great links. He talks about Nepenthes and the Bubblegum open proxy as the main honeypot tools. He also discusses the use of iptables and tc (traffic control), Snort, and Swatch. Hell, he also has some useful tidbits about detecting whether a system is running as a guest VM or not.
I became just a little more convinced about the value of a honeypot, but not enough to ratchet it up my list of projects to do at home. It’s there, just not very high, since it is more of a curiosity to me; I don’t really do active malware research.