Network attack and defense is a never-ending war. Along with the rapid development of the Internet, network attacks have increased and diversified. Use of traditional firewall and intrusion detection technologies cannot match to this rapid change. In response to this trend, we designed and implemented a distributed early warning system where several clients collected a wide range of network attack activities, such as malicious codes, sent attack activities back to a central server, and provided warning messages to the network administrator. The proposed system consists of Snort intrusion detection system with Nepenthes/Sebek honeypot software. This combination comes with client and server architecture so that various aspects of attack-oriented records with analytical capabilities are provided. Network administrators will receive warning notices when the entire network under monitoring was attacking. To reduce the burden on the deployment of distributed early warning system, we also implemented the system on the live USB and our system can be easily installed with high portability and plug-and-play features.