Today one of my friend ask me What is Honeypot and how to use it. So, I decided to write an article on it.
According to Wikipedia:- In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
There are lots of methods to deploy Honeypots based on what kind of Honeypot you want to use. In this article we will see hot to setup an network based honeypot. This honeypot is used to detect network attack.
We will see how to create a Honeypot using honeyd. honeyd is included in backtrack so you don’t need to download and install it in backtrack.
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses
OK to create a honeypot using honeyd you need a configuration file of virtual host.
So open text editor (you can use nano vi or gedit) and type the following configuration.
and save the file as honeyd.conf
create windowsset windows personality "Microsoft Windows XP Professional SP1"add windows tcp port 23 openadd windows tcp port 25 openadd windows tcp port 80 openset windows ethernet "aa:bb:cc:dd:ee:ff"bind 192.168.56.124 windows
if you want you can add more port on your virtual host.
This is all configuration we need for our honeypot. Open terminal and start honeyd using command
honeyd -d -f honeyd.conf
where honeyd.conf is the name of file you created in previous step.
OK our honeypot is ready with IP address 192.168.56.124, just make sure that the IP address you give to your virtual host must be in same sub-net of your real machine. Now whenever any one from outside try to access your virtual host it will create a log and will display it on the terminal. If you want all the logs on a particular file then use -l after the file name and give the location of the file. e.g
honeyd -d -f honeyd.conf -l [location]
hope it will help you.....
I have included an video based on this article.