A couple of us wanted to set up a honeypot/honeynet with the goal of learning; not planned to be in a production environment. What's a good recommendation for a high interaction or low interaction honeypot? Also, we'd like to eventually report the findings into some kind of businessy style report, so something that compiles the information would be good too.
I've looked into the following, but if you like these please let me know why:
- honeyd - great overall but a low interaction honeypot
- mwcollect/nepenthes - most well supported but too low of interaction
- cuckoo - sounds interesting but difficult setup and outdated documentation
EDIT: Which honeypots have given you the best results for malware analysis? Low interaction honeypots will not go much further than pretending to have a port open, but I'd like to track an attack, allow the payload infection, contain it from anywhere else, and generate a report based on that, and then, after the attack, start over again with a clean environment.
Does anyone do honeypots anymore? :)