Im going to make a hunnypot kind of program which will fake services like telnet and log everything that happens, its goin to be coded in vb. I was wondering if anyone has any ideas of what kind of things i could add to it?
Printable View
Im going to make a hunnypot kind of program which will fake services like telnet and log everything that happens, its goin to be coded in vb. I was wondering if anyone has any ideas of what kind of things i could add to it?
You spell like Pooh.
I couldn't help it, sorry.
lol...bet ya could have :P
A good fly trap would have a simulated network with layers ie servers, routers, printers, workstations. Im not sure if you know of this site but it might be interesting to you http://project.honeynet.org/
Here is some info (cut-n-paste)
Ready-Mades
There are quite a number of ready-made honeypots, free and commercial. A couple of freebies that I like, not only for their functionality, but because the source code is available to audit and modify:
The Deception Toolkit is completely fake, it depends on Perl scripts to create a simulated environment. It includes a lot of fancy sidestepping and double-talk, such as fake coredumps, fake ports, and fake error messages. It is designed to lure an intruder down the garden path and keep them going until they've created an extensive trace. It gives quite a bit of flexibility in creating realistic scenarios to fool intruders, depending how advanced your scripting skills are. The author states that it is not good enough to fool a truly skilled cracker, but will create enough confusion to foil most of them.
LaBrea creates a tarpit or, as some have called it, a "sticky honeypot". (I think of it as a roach motel for crackers.) It takes unused IP addresses on a network and creates virtual machines that answer connection attempts. Intruders get hung up, sometimes for a long time. It uses what it calls "persist mode trapping" to maintain a connection for the longest possible time, tying up the intruder's time and bandwidth. What is really cool is it also throttles your bandwidth- what a perfect world, wasting an attacker's time and bandwidth while preserving your own.
Risks
A poorly-contained honeypot puts the rest of your network at risk. There is also the temptation to retaliate. Be careful, stay within legal means. Returning tit for tat only gets you in trouble. Remember, the goal is to increase your own security, not go to war with the script kiddies.
hope this helps you and good luck with your project!!
i going to make a cray out of curtains
Tedob1> Mine is out of a cardboard box.... It looks more like an Irix though. Just ask hogfly about it sometime (he is normally on irc.antionline.com )
anyway
trials> The more you can add to it the better. You obviously don't want to go overboard and have 200 open ports, because that would look suspecious, but 7 to 10 ports on any given server isn't very rare. As seeker said, if you can make it look like an entire network, that is even better. All I have to say is good luck doing it all in VB though...
yea VB might not be the best choice for this...maybe u should try C...when i see a VB like prog i get a bit sucpecious considering lots of virri is made in VB due ot its ease of use :/
Why don't you take a look at Port Sentry? They've been doing this type of thing for quite a while. You might get some ideas there.
www.psionic.com
Thanx for all your help everyone and sorry about the spelling. I would code in in C but i havent got the hang of it yet.
I'd say write it in C because most people who'd be using TELNET for anything interesting will probably be running and operating system (eg. Linux, BSD...etc) which doesn't accept VB.