Honeypot Solutions

So you want to build your own honeypot.

Located here are links that will take you to honeypot solutions, or utilities that allow you to build your own honeypots. This is where the real fun begins.

Commercial Honeypots

PatriotBox. A commercial, easy-to-use low-interaction honeypot designed for Windows.
KFSensor. A powerful and easy to use low-interaction Windows honeypot, designed primarily for detection. Extensive capabilities, including NetBIOS simulation and interoperability with Honeyd scripts. Free evaluation copies.
NetBait: A very novel and powerful commercial solution. NetBait can be a product or service. Either way, it operates by redirecting attacks against unused IP space to ‘honeypot farms’.
ManTrap: Now called Decoy Server, ManTrap is a high-interaction honeypot sold by Symantec. ManTrap is unique in that it provides complete operating systems for attackers to interact with, capturing their every action. ManTrap has outstanding data collection capabilities. Currently only runs on Solaris.
Specter: Specter is a low-interaction honeypot designed to run on Windows. It can emulate 13 different operating systems, monitor up to 14 TCP ports, and has a variety of configuration and notification features. One of Specter’s greatest strengths is its ease of use.

OpenSource / Free Honeypots

Bubblegum Proxypot. An open proxy honeypot for deceiving and detecting spammers.
Jackpot. An open relay honeypot, also aimed at spammers.
BackOfficer Friendly: BOF is a free Windows based honeypot designed to be used as a burglar alarm. Written by Marcus Ranum and the NFR folks in 1998, BOF is extremely easy to use and runs on any Windows platform. However, it is very limited and can listen on only 7 ports. If you have never installed a honeypot before, this is a great place to start.
Bait-n-Switch. Not really a honeypot. Instead, a technology that directs all non-production or unauthorized traffic to your honeypots. Very powerful concept.
Bigeye. A low-interaction honeypot that emulates several services.
HoneyWeb. Emulates different types of webservers. Can dynamically change itself based on the type of requests.
Deception Toolkit: DTK was the first OpenSource honeypot, released in 1997. Written by Fred Cohen, DTK is a collection of Perl scripts and C source code that emulates a variety of listening services. Its primary purpose is to deceive human attackers. This tool is dated, but one of the first honeypots ever released.
LaBrea Tarpit: This OpenSource honeypot is unique in that it is designed to slow down or stop attacks by acting as a sticky honeypot. It can run on Windows or Unix.
Honeyd: This is a powerful, low-interaction OpenSource honeypot, released by Niels Provos in 2002. Honeyd, written in C and designed for Unix platforms, introduces a variety of new concepts, including the ability to monitor millions of unused IPs, spoof IP stacks, and simulate hundreds of operating systems, all at the same time. It also monitors all UDP and TCP based ports.
You can try out Honeyd with the Honeyd Linux Toolkit, a toolkit containing all the configuration files, precompiled static binaries, and startup scripts to get Honeyd instantly up and running on your Linux computer. Based on Honeyd 0.5 with patch 001.
The Brazilian Honeynet Project has developed a Honeyd bootable CDROM. They are using it for large-scale deployments of Honeyd. It's very exciting stuff; I recommend you check out their work.
Honeynets: These are entire networks of systems designed to be compromised. Honeynets are the most complex of honeypot solutions and have the greatest risk. However, they can also capture the most information of any honeypot.
Sendmail SPAM Trap. This honeypot identifies spammers and captures their SPAM, without relaying it to any victims. Best of all, VERY easy to set up!
Tiny Honeypot. Written by George Bakos, Tiny Honeypot is unique in that it always appears vulnerable. No matter what attack a hacker launches, it will appear successful. Great tool for collecting all sorts of information on the bad guys.
