Building a GenII Honeynet Gateway by Diego González Gómez on 28/12/04

Honeynet technologies are a great way to improve and to learn about network and system security. However, the implementation of these techniques requires a high level of knowledge in these areas and involves a certain degree of responsibility.

A GenII Honeynet Gateway is the most critical element in a GenII Honeynet. Basically, it is the gateway of the Honeynet, but it is also a firewall, an IPS (Intrusion Prevention System), and a network traffic/system logger.

A bootable CDROM, simply called the Honeywall CDROM, makes the implementation of a Honeynet Gateway easier. As the authors say: 'The intent is to make honeynets easier to deploy and customize. You simply boot off the CDROM, configure it based on your environment, and you should have a Honeywall gateway ready to go'. If you do not want to complicate things, you can simply download the CDROM image from and stop reading here. On the other hand, if you want to learn how to build a Honeywall from scratch, please read on.

This paper explains the overall steps to build a Honeywall using Red Hat Linux 9.0, but most of the instructions can be applied to any other Linux distribution. It is assumed that the reader understands the basics of honeypots and the related terminology. In addition, I would also recommend reading the papers in the 'Know Your Enemy' series from the Honeynet Project at

