Honey Pot
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Honey Pot

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Posts
    244

    Honey Pot

    What are honey pot traps, what do they do and where can i get one ????????????
    The people who are crazy enough to think they can change the world are the ones that do.


    http://www.AntiOnline.com/sig.php?imageid=767

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Simple Explanation
    Honeypot - A host or network with known vulnerabilities deliberately exposed to a public network. Honeypots are useful in studying attackers' behavior and also in drawing attention away from other potential targets.
    To learn some more about honeypots click the links below.
    1] Honeypots: Definitions and Value of Honeypots
    Document written By Lance Spitzner, explains honeypots very well.
    2] The Honeynet Project
    Home of the Honeynet Project, contains plenty of information
    3] Honeypot Mailing List
    Send an e-mail message to the above address.
    The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.
    I hope that helps.
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  3. #3
    Senior Member
    Join Date
    Nov 2003
    Posts
    285
    Honey pot systems are decoy servers or systems set up to gather information regarding an attacker or intruder into your system.

    Honey pot traps tempt intruders into areas which appear attractive, worth investigating and easy to access, taking them away from the really sensitive areas of your systems. They do not replace other traditional Internet security systems but act as an additional safeguard with alarms.

    Honey pots can be set up inside, outside or in the DMZ of a firewall design. They can be placed in all locations, although they are most often used inside a firewall for control purposes.

  4. #4
    Banned
    Join Date
    Apr 2003
    Posts
    3,839

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: Honey Pot

    Originally posted here by M3mph15
    What are honey pot traps, what do they do and where can i get one ????????????
    Why do you want one if you don't know what it is or know how it works?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Good point SirDice!

    Other than that, I guess one could potentially use a honeypot to investigate flaws in a particular system architecture. The first time I heard it mentioned, it was from a hacker 'acquaintance' of mine that was using it to learn flaws in a particular system before he would attempt entry. If enough fingerprinting is done to gather sufficient information, somebody could potentially use a honeypot with malevolent intentions. But, like this are many other security-related tools.

    In essence, I don't think honeynets are that easy to work, so you'd rather read a lot before you try managing one. Simply because something is hyped about, or otherwise interesting, doesn't mean you should experiment it 'in the wild'. That's just a friendly advice, I'm sure you have it all figured out by now.
    /\\

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Perhaps he/she wants to learn. What a concept eh? Seriously though, using a honeypot at home and experimenting with how it works (with none-to-limited external access) isn't a bad thing. It's better to ask for advice here than do it blindly.

    The issue of risk versus info learned is always there for honeypots but the same can be said for other server types. There is always a risk that your machines -- web servers, ftp servers, databases, etc. -- may be used for further attacks elsewhere.

    Other than that, I guess one could potentially use a honeypot to investigate flaws in a particular system architecture.
    Don't think I've ever seen a honeypot used like this. Although I suppose it could be used that way by a manufacturer. (e.g., put up the latest version and see who infects/breaks in). But my understanding has always been that honeypots have many reasons to be used:

    1) research to understand better attackers, attacks and their tools
    2) EWS: Early Warning System. Great at picking up worms and common attack types.
    3) added security layer. Given that the majority of attackers are annoying kiddies, they will go after what seems easiest. Hence, a honeypot will keep them amused and out of an admins hair (somewhat -- no system is perfect).

    The addition of a firewall in front of a honeypot will help mitigate some of the risk by putting on throttling of packets out (limits DoS type stuff).

    And I will suggest Honeypots by Lance Spitzner. Amazing book and has some good advice/info about honeypots and honeynets.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    That's why I said 'in the wild'. I mean, making a honeypot to trap hackers is risky anyway, so if one doesn't set it up properly there may be consequences. I experiment with honeypots aswell, so please do not misinterpret me. Hands-on experience is the best kind of experience.

    As for using a honeypot for 'mock hacks'... I meant that after fingerprinting enough of a system, if I think I have a good idea on how it is set up I could use a honeypot to simulate that system [sure you could have another computer altogether doing the job... but not everybody affords it]. So, when you do attack the target, you have a pretty good idea on how to do it. Useful when you can be traced quickly, since you can write a script to perform most of the tasks for you. But, not the designed purpose of a honeypot I guess.
    /\\

  9. #9
    Junior Member
    Join Date
    Dec 2003
    Posts
    3
    One idea I use for a honey pot is to set up a virtual machine(using VMWare of VPC) and leave it completely open and unpatched. Then put logging and tracking software on it that saves to a remote machine and tell it to take a 'snapshot' of the machine so if a hacker does get it(not that hard without patches and such) and screw something up you can just revert to the 'snapshot'. Some hackers are smart and know how to look for the fdrivers used by VMWare and VPC so they will know they are being tricked. A honey pot like this - while running on a Host machine - will not make the Host vulnerable(unless you set up the shared netwrok wrong, I suggest doing bridged...) This seems to work well for me as the hacker(surprising how many there are out there) sees the open machine - not your precious 1337 box like mine - and unknowingly just does whatever they want to it(meantime I am logging it all so I can turn them in and what not)...
    101010 = The answer to liff the universe and everything.

  10. #10
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    But if you use both bridged and host-only connections, there is still the firewall protecting you? [I'm running a host RedHat9 with a guest XP Pro]. Or should I add specific stuff to iptables?
    /\\

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •