
Thread: Honeypots

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    15

    Honeypot

    I'm interested in setting up a honey pot. Does anyone have any experience setting up such a device? If so, what should I be worried about when I set one up? I don't care if they break in; I just want to track their movements and prevent them from crashing the hard drives. Other than that they can do what they want.
    I know that I should probably stop outgoing traffic from the machine so they don't use it as a springboard to attack other computers. Any other things I should do?

    David Shirley


    fixed the name

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I believe you mean honeypot. Visit http://www.honeynet.org for up-to-date info and ideas. I've been playing with one on Linux and FreeBSD. You can get some for Windows if you want or use VMWare as an alternative.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    any other things I should do
    Embalmed: Learn a _whole_ lot more before you start. Not to be offensive but if you don't know what it is called you surely aren't ready to start playing with one.

    I have considered it in the past and decided against it. Why? Because even with all the time and study I have put into this field I know I'm not good enough at it yet to make it a worthwhile and _safe_ exercise....... Catching a couple of script kiddies is one thing but getting yourself one of the "bigger fish" is a whole different ballgame.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    As if security isn't hard enough. Could the lawyers make it tougher? The article below is only an opinion article.

    Honeypots: Are They Illegal?

    http://www.securityfocus.com/infocus/1703

  5. #5

  6. #6
    Junior Member
    Join Date
    Jul 2003
    Posts
    9
    embalmedlenin, you will have to do a lot of research. You will need to talk to your ISP, and honestly I do not think that they will approve. You also need to learn about the difference between virtual honeypots and having the honeypot directly connected to the internet with its own IP... so that you can have a different IP address for monitoring. It might be better just to read some white papers on it, and learn how to do it rather than actually setting one up.

    berg

  7. #7
    Junior Member
    Join Date
    Oct 2003
    Posts
    15
    I just forgot the name; I went a little brain dead. Anyway, thanks for all the hints.

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Posts
    117
    I did an Independent Study course on Honeypots as an undergrad last semester that was just awesome. At the beginning of the semester, I had no clue what they were or how they worked, but by the end, I was running and configuring some left and right. Below, I'll list some links I used.

    alpha

    ------------------
    Links:

    Honeypots: Tracking Hackers - Yes, I know this link has already been posted, but this is the main book I used for the course. One word describes it: OUTSTANDING!! A very easy read, yet at the same time, very informative technically. A must read for anyone interested in Honeypots or Honeynets.

    Back Officer Friendly - An incredibly simple honeypot that just emulates open ports and logs attempts to them. Hardly any installation, easy configuration, but when you telnet to 23 of the host box, the password is visible when you type it. Runs on Win9x/ME/2000/XP.

    Specter - Another low interaction Honeypot, but this one emulates services and (attempts to emulate) OS's. Last I looked, it was very expensive to purchase and the demo version on the "Tracking Hackers" CD only ran for a second or so. Runs on Windows NT/2000 systems. The good: When you emulate an OS, it also emulates OS specific servers/software/etc. For example, tell it to emulate Linux and port 80 as being open, when someone connects to port 80, a fake generic Apache page is shown. The bad: an NMAP scan using the -o option can reveal the true OS (Windows) no matter what OS you're trying to emulate.

    Honeyd is the honeypot I have the most experience with, but unfortunately, I don't have a valid link for it. It's another low interaction honeypot, which runs on *nix, that emulates open ports, and can emulate the services behind them. People contribute their own service emulation scripts to the project, which can make this honeypot highly customizable. The coolest thing about this one is that it uses the same fingerprint file that NMAP uses to ID scanned hosts to fool NMAP into falsely identifying host OSes. Honeyd was written by Niels Provos while at the University of Michigan. Unfortunately, Michigan, a few months back, passed a DMCA-ish law that outlawed forged source teleco communications (Honeyd used arpd to claim unused IP addresses and pretended that they were valid machines, with the perp on the other end hopefully unaware), causing Niels to go host it offshore somewhere. American IPs were no longer allowed to download it, or even access the site it was on. Bummer, Honeyd was awesome.

    OK, that's enough of a brain dump for one sitting. I gotta get to homework. Hope this all helped.

    alpha
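
    An added example, not part of alpha's post and not code from any of the tools named above: a minimal low-interaction listener of the kind described (fake open ports that log every connection attempt), which never echoes client input and never opens outbound connections. The port numbers, the banner, the loopback bind address and all function names are constructed for illustration.

```python
import asyncio
import json
import time

BANNERS = {2323: b"login: ", 8080: b""}  # constructed: port -> fake banner
MAX_CAPTURE = 256   # cap bytes kept per connection so logs cannot be flooded
IDLE_TIMEOUT = 5.0  # seconds to wait for a silent client before dropping it

def make_event(peer, local_port, data):
    """Build one JSON-serialisable record for a connection attempt."""
    return {
        "ts": round(time.time(), 3),
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": local_port,
        # hex keeps control bytes from corrupting the log or a terminal
        "first_bytes_hex": data[:MAX_CAPTURE].hex(),
    }

def make_handler(banner, sink):
    """Return a connection callback that logs to sink and never echoes input."""
    async def handle(reader, writer):
        peer = writer.get_extra_info("peername")
        local_port = writer.get_extra_info("sockname")[1]
        data = b""
        try:
            if banner:
                writer.write(banner)
                await writer.drain()
            data = await asyncio.wait_for(reader.read(MAX_CAPTURE), IDLE_TIMEOUT)
        except (asyncio.TimeoutError, ConnectionError):
            pass  # silent or reset client: the attempt is still logged below
        finally:
            sink(make_event(peer, local_port, data))
            writer.close()
    return handle

async def serve(banners, sink, host="127.0.0.1"):
    """Start one listener per port (assumed bind address: loopback)."""
    return [await asyncio.start_server(make_handler(b, sink), host, p)
            for p, b in banners.items()]

async def main():
    servers = await serve(BANNERS, lambda e: print(json.dumps(e), flush=True))
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```

    Each attempt becomes one JSON line on stdout, so the output can be redirected to a file on a separate monitoring host.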

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    honeyd project

    Other interesting "pre-fab" honeypots:

    http://violating.us/projects/baitnswitch/

    The Deception Toolkit (aka TDK)

    I've played with honeyd and BnS. BnS is interesting but requires iproute2 (which doesn't like 2.4.22 kernel -- ugh). Both are neat to play with.

    I've added honeyd as an attachment. I obtained it from the link above. I wasn't aware they were blocking American downloads (I'm a Canuck).

    Oh.. And I'm fixing the title of the thread. It's bugging me.

  10. #10
    Senior Member
    Join Date
    Jul 2002
    Posts
    117
    Sweet, you can download it still from Provos' site. Last I saw, it had some massive questionnaire that you had to answer before you were admitted to the site. That was a few months ago though. Thanks for posting the link Ms. Mittens, I should have checked.

    As for the IP blocking thing, that was more of a guess than anything. I couldn't get to it/find it, so I made an assumption. And yes, I know what happens when you assume something...

    alpha
