I can't find any good honeypots w/ Google.
I can't find any good honeypots w/ Google.
Which OS would the honeypot go on? Check out the HoneyNet Project; it has some good resources.
I want it to go on WinXP.
BackOfficer Friendly is a free but simple Windows honeypot. ManTrap by Symantec is a high-end, high-cost one. Alternatively, you could use something like VMWare to create a medium-risk, medium-low-cost honeypot.
I've found that on Windows there are few free options for honeypots and mostly high cost options from larger enterprises (Symantec, Computer Associates, etc.).
thanx 4 telling me about backOfficer Friendly
Good Day,
I just happen to have a copy of "Honeypots - Tracking Hackers" on the book shelf and after reading it, I would highly recommend that before you install software for setting up your own honeypot, that you do some studying.
Obviously I don't know your skill set, but better make sure yours is better than the folks you might want to lure in and catch in the honeypot. ;)
Edit: Some links are also listed below the thread.
As Relyt said, pick up a copy of "Honeypots - Tracking Hackers". It's written by Lance Spitzner and is an excellent, excellent book. It's very informative, yet a relatively easy read at the same time. I did an independent study course last year on honeypots and that was the book I used as a text.
While Back Officer Friendly is pretty much the only free Windows honeypot I can think of, it's also incredibly lame. It's a low interaction honeypot, which means that all it does is throw up some open ports and then log whenever anyone connects to them. However, that's *all* it does... whereas some low interaction honeypots will emulate a service. Another downside to BOF is that it doesn't take a brain surgeon to ID it. You can connect to its wanna-be telnet port, type a login and password, but the password shows up as you type it. I've never telnetted into a box where that's happened. Quite honestly, I'd barely say that it was worth a look.
However, if you really want to get into some cool honeypots, use VMWare like Mittens said, but throw a Linux flavor on a virtual machine and then check into either Honeyd (my fav.), LaBrea, or the Deception Tool Kit. I'm pretty sure you may have to compile them from source, I know for a fact Honeyd you will, so you'll need to make sure you have a C compiler installed.
Happy Honeypotting...
Alpha
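The low-interaction behaviour described in the post above, as an added example that is not part of the thread or of any tool named in it: a Python listener that fakes a telnet login, records what was typed, and suppresses password echo, the tell the post points out in BackOfficer Friendly. Port 2323 and the function names are assumptions.

```python
import datetime, json, socket, threading

IAC, WILL, WONT, ECHO = 255, 251, 252, 1  # telnet option bytes (RFC 854/857)

def strip_iac(data: bytes) -> bytes:
    """Remove telnet commands (e.g. the client's IAC DO ECHO reply) from input."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == IAC:
            # WILL/WONT/DO/DONT (251-254) carry an option byte; other commands are 2 bytes.
            i += 3 if data[i + 1:i + 2] and 251 <= data[i + 1] <= 254 else 2
        else:
            out.append(data[i])
            i += 1
    return bytes(out)

def handle(conn, peer, log):
    """Run a fake login dialogue and record it; nothing is authenticated or executed."""
    rec = {"time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
           "peer": peer[0], "login": None, "password": None}
    conn.settimeout(10)  # an idle client must not hold the thread forever
    try:
        with conn, conn.makefile("rb") as rx:
            conn.sendall(b"login: ")
            rec["login"] = strip_iac(rx.readline(256)).strip().decode("latin-1")
            # WILL ECHO tells the client to stop local echo; we then echo nothing,
            # so the password stays invisible as it would on a real telnet login.
            conn.sendall(bytes([IAC, WILL, ECHO]) + b"Password: ")
            rec["password"] = strip_iac(rx.readline(256)).strip().decode("latin-1")
            conn.sendall(bytes([IAC, WONT, ECHO]) + b"\r\nLogin incorrect\r\n")
    except OSError:  # timeout or reset: keep whatever was captured so far
        pass
    log.append(rec)
    print(json.dumps(rec), flush=True)  # JSON escaping keeps typed input from forging log lines
    return rec

def serve(host="0.0.0.0", port=2323):  # constructed port, not taken from the thread
    log = []
    with socket.create_server((host, port)) as listener:
        while True:
            conn, peer = listener.accept()
            threading.Thread(target=handle, args=(conn, peer, log), daemon=True).start()

if __name__ == "__main__":
    serve()
```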
Hi,
rule #1 DO NOT do this on your main, or a shared computer resource......only use a machine on which you are prepared to reformat and reinstall your OS.
Certainly don't do it on a school, college or work computer :eek:
Honeypots are not beginners' stuff, so make sure that you read up thoroughly ;)
Good luck.............and be careful
I like using the BackOfficer Friendly honeypot. thanx MsMittens.
why aren't there many threads in this section?
Probably because few people use honeypots or have one. ;)
Good point. But wouldn't they have spotted it in the forum menu thing??
Even if someone does notice this forum, doesn't mean that they will use it.
but would they get interested and try to find stuff out about honeypots?
Sure. Just because a forum doesn't have 10,000 posts doesn't mean people aren't reading it. The reality is that honeypot usage is still a relatively new thing and I suspect that many either don't have the time or patience to set up a good honeypot and ensure a limited risk factor. That's life.
There are lots of resources out there for honeypots but I still say the best is http://project.honeynet.org. (whoops! Fixed! :))
That is an invalid link
I experimented with a honeypot called KFSensor from keyfocus http://www.keyfocus.net/kfsensor/
Though I am not very familiar with honeypots nor have I played with KFSensor enough to give a report, I will say it was fun watching the connections come in and the commands that were typed. KFSensor is commercial; a trial is available.
I just found a honeypot (directed from another website): http://www.security-corporation.com/trapserver.html
Looks interesting and it's FREE! :D (gotta love that 4 letter word). So those of you in Windows might want to try it.
I use kfsensor. I agree on the watching connections bit. Mostly it runs as a spam trap and that isn't wildly interesting.
Quote:
Originally posted here by journy101
Though I am not very familiar with honeypots nor have I played with KFSensor enough to give a report, I will say it was fun watching the connections come in and the commands that were typed. KFSensor is commercial; a trial is available.
I caught someone trying to send fake AOL billing messages from a Russian ISP once, and another person trying to exploit Yahoo pager. I keep hoping I might catch something from these new trojans but without a proper simulator behind the ports there isn't much hope I think.