In this work, a network intrusion system (package) must be implemented based on high-interaction honeypots. Two honeypots on different platforms (Ubuntu and Windows Server 2003) are connected to a gateway machine (running Ubuntu). Any interaction with the honeypots is assumed to be suspicious, and a system alert must be generated. Each part is described as follows:
1- The honeypot devices provide services to the user such as ftp, http, pop3, telnet and ssh.
2- The gateway machine provides centralized logging for all devices in the network, runs the host-based detection system (Snort), and runs the system package.
3- The system package contains 5 modules.