TUM Logo

NoSE - building virtual honeynets made easy

We developed a system called Network Simulation Environment (NoSE) to simulate arbitrary network environments on a single Linux machine. NoSE provides a GUI and a management daemon that is capable of generating a complex network containing virtual hosts and switches with just a few clicks. Different virtual machines and network configurations can be archived in a library for later reuse. NoSE integrates different virtual machine emulators such as Xen, User-Mode-Linux and QEMU, the Linux kernel's bridging facilities, and various network management and monitoring tools. Possible applications for our system include network simulation, testing, training, distributed application development, and analysis of security issues. In this paper we focus on building high-interaction honeynets with NoSE.

NoSE - building virtual honeynets made easy

Proceedings of the 12th International Linux System Technology Conference (Linux-Kongress 2005)

Authors: Frederic Stumpf, Andreas Görlach, and Lars Brückner
Year/month: 2005/10
Booktitle: Proceedings of the 12th International Linux System Technology Conference (Linux-Kongress 2005)
Address: Hamburg, Germany
Publisher: GUUG e.V. / Lehmanns / Ralf Spenneberg
Fulltext:

Abstract

We developed a system called Network Simulation Environment (NoSE) to simulate arbitrary network environments on a single Linux machine. NoSE provides a GUI and a management daemon that is capable of generating a complex network containing virtual hosts and switches with just a few clicks. Different virtual machines and network configurations can be archived in a library for later reuse. NoSE integrates different virtual machine emulators such as Xen, User-Mode-Linux and QEMU, the Linux kernel's bridging facilities, and various network management and monitoring tools. Possible applications for our system include network simulation, testing, training, distributed application development, and analysis of security issues. In this paper we focus on building high-interaction honeynets with NoSE.

Bibtex:

@inproceedings { Stumpf2005,
author = { Frederic Stumpf and Andreas Görlach and Lars Brückner},
title = { NoSE - building virtual honeynets made easy },
year = { 2005 },
month = { October },
booktitle = { Proceedings of the 12th International Linux System Technology Conference (Linux-Kongress 2005) },
address = { Hamburg, Germany },
publisher = { GUUG e.V. / Lehmanns / Ralf Spenneberg },

}