Today one of my friends asked me what a honeypot is and how to use it, so I decided to write an article on it.
According to Wikipedia: In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
There are lots of methods to deploy honeypots, depending on what kind of honeypot you want to use. In this article we will see how to set up a network-based honeypot. This honeypot is used to detect network attacks.
We will see how to create a honeypot using honeyd. honeyd is included in BackTrack, so you don’t need to download and install it there.
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses.
To create a honeypot using honeyd you need a configuration file describing the virtual host. Open a text editor (you can use nano, vi or gedit), type the following configuration, and save the file as honeyd.conf:
create windows
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 23 open
add windows tcp port 25 open
add windows tcp port 80 open
set windows ethernet "aa:bb:cc:dd:ee:ff"
bind 192.168.56.124 windows
If you want, you can add more ports to your virtual host.
This is all the configuration we need for our honeypot. Open a terminal and start honeyd using the command
honeyd -d -f honeyd.conf
where honeyd.conf is the name of the file you created in the previous step.
Our honeypot is now ready with IP address 192.168.56.124. Just make sure that the IP address you give to your virtual host is in the same sub-net as your real machine. Now whenever anyone from outside tries to access your virtual host, honeyd creates a log entry and displays it on the terminal. If you want the logs written to a particular file, add -l after the configuration file name, followed by the location of the log file, e.g.
honeyd -d -f honeyd.conf -l [location]
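A pre-flight check for the configuration above, written as an added example (not part of the original article and not a honeyd tool): it parses only the create/set/add/bind forms shown here and verifies that every bound address is on the real machine's sub-net. The host address 192.168.56.1/24 and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the honeyd.conf from this article.
SAMPLE_CONF = """\
create windows
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 23 open
add windows tcp port 25 open
add windows tcp port 80 open
set windows ethernet "aa:bb:cc:dd:ee:ff"
bind 192.168.56.124 windows
"""

def parse_conf(text):
    """Parse only the create/set/add/bind forms shown in the article."""
    templates = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # keeps quoted values whole, drops '#' comments
        if not tok:
            continue
        if tok[0] == "create" and len(tok) == 2:
            templates[tok[1]] = {"ports": [], "settings": {}, "binds": []}
        elif tok[0] == "bind" and len(tok) == 3 and tok[2] in templates:
            templates[tok[2]]["binds"].append(ipaddress.ip_address(tok[1]))
        elif tok[0] == "set" and len(tok) == 4 and tok[1] in templates:
            templates[tok[1]]["settings"][tok[2]] = tok[3]
        elif tok[0] == "add" and len(tok) == 6 and tok[3] == "port" and tok[1] in templates:
            templates[tok[1]]["ports"].append((tok[2], int(tok[4]), tok[5]))
        else:
            raise ValueError(f"line {lineno}: unsupported or unknown template: {raw!r}")
    return templates

def check_conf(text, host_cidr):
    """List problems; host_cidr is the real machine's address/prefix (assumed input)."""
    iface = ipaddress.ip_interface(host_cidr)
    problems = []
    for name, t in parse_conf(text).items():
        if not t["binds"]:
            problems.append(f"{name}: template is never bound to an IP")
        for ip in t["binds"]:
            if ip not in iface.network:
                problems.append(f"{name}: {ip} is outside {iface.network}")
            elif ip == iface.ip:
                problems.append(f"{name}: {ip} is the real machine's own address")
    return problems

if __name__ == "__main__":
    print(check_conf(SAMPLE_CONF, "192.168.56.1/24") or "bind addresses are on the host sub-net")
```

An empty list from check_conf means the virtual host's address is on the same sub-net as the real machine and does not collide with it.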
Hope it will help you.
I have included a video based on this article.
3 comments:
Do you come across honeypots presented by US gov often?
What IP address at honeyd.conf?? IP at BackTrack..
I can't save logfile on Backtrack. So, how to save log file at other location?