Sunday, 24 February 2013

HoneyPots....

Today one of my friends asked me what a honeypot is and how to use it, so I decided to write an article on it.
According to Wikipedia: In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

There are lots of methods to deploy honeypots, depending on what kind of honeypot you want to use. In this article we will see how to set up a network-based honeypot. This kind of honeypot is used to detect network attacks.

We will see how to create a honeypot using honeyd. honeyd is included in BackTrack, so you don't need to download and install it there.

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses.

To create a honeypot using honeyd you need a configuration file that describes the virtual host.
Open a text editor (you can use nano, vi or gedit) and type the following configuration.

create windows
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 23 open
add windows tcp port 25 open
add windows tcp port 80 open

set windows ethernet "aa:bb:cc:dd:ee:ff"
bind 192.168.56.124 windows
Save the file as honeyd.conf.
If you want, you can add more ports to your virtual host.
This is all the configuration we need for our honeypot. Open a terminal and start honeyd using the command

honeyd -d -f honeyd.conf 

where honeyd.conf is the name of the file you created in the previous step.
Our honeypot is now ready with IP address 192.168.56.124. Just make sure that the IP address you give to your virtual host is in the same subnet as your real machine. Now, whenever anyone from outside tries to access your virtual host, honeyd will create a log entry and display it on the terminal. If you want all the logs in a particular file, then use -l after the configuration file name and give the location of the log file, e.g.


honeyd -d -f honeyd.conf -l [location] 
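
The subnet requirement above can be checked before honeyd is started. The following Python script is an added example, not part of the original article or of honeyd; it parses only the directives used in the configuration above, and the host addresses 192.168.56.101/24 and 192.168.1.10/24 are constructed values standing in for the real machine's interface.

```python
import ipaddress

# The configuration from the article, embedded so the check runs offline.
ARTICLE_CONF = """\
create windows
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 23 open
add windows tcp port 25 open
add windows tcp port 80 open

set windows ethernet "aa:bb:cc:dd:ee:ff"
bind 192.168.56.124 windows
"""

def parse_conf(text):
    """Collect ports and bound addresses per template (create/add/bind only)."""
    templates = {}
    def slot(name):
        return templates.setdefault(name, {"created": False, "ports": [], "binds": []})
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):   # skip blank lines and comments
            continue
        if words[0] == "create" and len(words) == 2:
            slot(words[1])["created"] = True
        elif words[0] == "add" and len(words) == 6 and words[3] == "port":
            slot(words[1])["ports"].append((words[2], int(words[4]), words[5]))
        elif words[0] == "bind" and len(words) == 3:
            slot(words[2])["binds"].append(words[1])
    return templates

def check_binds(templates, host_iface):
    """Return a list of problems; host_iface is the real machine's address/prefix."""
    iface = ipaddress.ip_interface(host_iface)
    problems = []
    for name, t in templates.items():
        if not t["created"]:
            problems.append(f"template '{name}' is used but never created")
        for addr in t["binds"]:
            ip = ipaddress.ip_address(addr)
            if ip not in iface.network:
                problems.append(f"{addr} is outside the host subnet {iface.network}")
            elif ip in (iface.ip, iface.network.network_address, iface.network.broadcast_address):
                problems.append(f"{addr} is already taken or reserved on {iface.network}")
    return problems

if __name__ == "__main__":
    for host in ("192.168.56.101/24", "192.168.1.10/24"):  # constructed host addresses
        print(host, check_binds(parse_conf(ARTICLE_CONF), host) or "OK")
```

An empty result means every bound address lies in the host's subnet and does not collide with the host, network or broadcast address.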

Hope it will help you.
I have included a video based on this article.

3 comments:

Jay Phoenix said...

Do you come across honeypots presented by US gov often?

Farra Zaidi said...

What IP address at honeyd.conf?? IP at BackTrack..

Huy Nguyen Ngoc said...

I can't save the log file on BackTrack. So, how do I save the log file at another location?