hunny pot program
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: hunny pot program

  1. #1
    Member
    Join Date
    May 2002
    Posts
    63

    hunny pot program

    Im going to make a hunnypot kind of program which will fake services like telnet and log everything that happens, its goin to be coded in vb. I was wondering if anyone has any ideas of what kind of things i could add to it?

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    You spell like Pooh.

    I couldn't help it, sorry.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Antionline Quitter..Srsly
    Join Date
    Aug 2001
    Posts
    457
    lol...bet ya could have :P
    \"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" — G.K. Chesterton, 19th-century English essayist and poet\"

  4. #4
    Member
    Join Date
    May 2002
    Posts
    64
    A good fly trap would have a simulated network with layers ie servers, routers, printers, workstations. Im not sure if you know of this site but it might be interesting to you http://project.honeynet.org/

    Here is some info (cut-n-paste)

    Ready-Mades
    There are quite a number of ready-made honeypots, free and commercial. A couple of freebies that I like, not only for their functionality, but because the source code is available to audit and modify:

    The Deception Toolkit is completely fake, it depends on Perl scripts to create a simulated environment. It includes a lot of fancy sidestepping and double-talk, such as fake coredumps, fake ports, and fake error messages. It is designed to lure an intruder down the garden path and keep them going until they've created an extensive trace. It gives quite a bit of flexibility in creating realistic scenarios to fool intruders, depending how advanced your scripting skills are. The author states that it is not good enough to fool a truly skilled cracker, but will create enough confusion to foil most of them.

    LaBrea creates a tarpit or, as some have called it, a "sticky honeypot". (I think of it as a roach motel for crackers.) It takes unused IP addresses on a network and creates virtual machines that answer connection attempts. Intruders get hung up, sometimes for a long time. It uses what it calls "persist mode trapping" to maintain a connection for the longest possible time, tying up the intruder's time and bandwidth. What is really cool is it also throttles your bandwidth- what a perfect world, wasting an attacker's time and bandwidth while preserving your own.

    Risks
    A poorly-contained honeypot puts the rest of your network at risk. There is also the temptation to retaliate. Be careful, stay within legal means. Returning tit for tat only gets you in trouble. Remember, the goal is to increase your own security, not go to war with the script kiddies.

    hope this helps you and good luck with your project!!
    Integrity...loyalty.....and the willingness to make a better world for us all.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    i going to make a cray out of curtains
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Tedob1> Mine is out of a cardboard box.... It looks more like an Irix though. Just ask hogfly about it sometime (he is normally on irc.antionline.com )

    anyway
    trials> The more you can add to it the better. You obviously don't want to go overboard and have 200 open ports, because that would look suspecious, but 7 to 10 ports on any given server isn't very rare. As seeker said, if you can make it look like an entire network, that is even better. All I have to say is good luck doing it all in VB though...
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  7. #7
    Antionline Quitter..Srsly
    Join Date
    Aug 2001
    Posts
    457
    yea VB might not be the best choice for this...maybe u should try C...when i see a VB like prog i get a bit sucpecious considering lots of virri is made in VB due ot its ease of use :/
    \"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" — G.K. Chesterton, 19th-century English essayist and poet\"

  8. #8
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Why don't you take a look at Port Sentry? They've been doing this type of thing for quite a while. You might get some ideas there.

    www.psionic.com
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  9. #9
    Member
    Join Date
    May 2002
    Posts
    63
    Thanx for all your help everyone and sorry about the spelling. I would code in in C but i havent got the hang of it yet.
    If its not broken it can still be inproved.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    735
    I'd say write it in C because most people who'd be using TELNET for anything interesting will probably be running and operating system (eg. Linux, BSD...etc) which doesn't accept VB.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •