Review of Puppy Linux 5.0

Lucid Puppy Linux 5.0 was released back in May of 2010, but as one of my favorite distros, I have been playing with it heavily since then. I have been so impressed with the new version that I wanted to take a moment and write a quick review of this release.

You can find the official release page here, along with download information.

First, let me say that I have really come to love Puppy Linux over the last several years. I use it as a LiveCD/USB platform for secure on the go browsing, a Linux OS for old hardware that I donate to a variety of folks and causes, and as a platform for using HoneyPoint as a scattersensor. I like the ease of use, wide range of hardware support, and small footprint. All of these make this a very workable Linux distro.

This version especially seems to be stable, fast, and capable. I have taken to running it from a bootable USB drive and the performance has been very nice. Being able to drop these onto untrusted systems and use them as a browser, VPN client, and productivity tool has been handy. Using HoneyPoint Personal Edition, the nmap plugins and some other Puppy installs of security tools gives me a great platform for working incidents, gaining visibility and catching rogue scans, probes and malware that are in circulation when I pull in to help a client. Over and over again, the distro has proven itself to be a very powerful tool for me.

I suggest you take a look at the distro, LiveCD or USB and see how it can help you. I think you’ll find it fun, easy to use, and quite addicting. The pictures of the puppies don’t hurt either. 🙂

Check it out!

Laying the Trap with HoneyPoint Personal Edition & Puppy Linux Live CD

Recently, I have been capturing quite a bit of attacker probes and malware signatures using a very simple (and cheap) combination of HoneyPoint Personal Edition (HPPE) and a Puppy Linux Live CD. My current setup is using an old Gateway 333MHz Pentium Laptop from the late 90’s!

The beauty of this installation is that it lets me leverage all of the ease of a Live CD with the power and flexibility of HPPE. It also breathes new usefulness into old machines from our grave yard.

So, here is how it works. I first boot the machine from the Puppy Live CD and configure the network card. From my FTP server (or a USB key) I download the binary for HPPE Linux (available to licensed HPPE users by request), the license and my existing config file. That’s it – run the binary and click Start. Now I am set to trap attack probes and malware to my heart’s content!

It really is pretty easy and the new email alerting now built into HPPE allows me to remotely monitor them as well from my iPhone email. This makes a nice, easy, quick way to throw up HoneyPoints without needing a separate console or a centralized monitoring point.

This setup is very useful to me and has even got me thinking about adding a plugin interface to HPPE in future releases. That would essentially give you the power to write custom alerting mechanisms and even fingerprinting tools for attacking systems.

Give this setup a try and be sure to let me know your thoughts on HPPE. As always, MSI really wants to hear your ideas, input and feedback on our work.

Thanks for reading and have fun capturing attack data. Some of this stuff is pretty darn cool! 😉