So you want to build your own honeypot.
Located here are links that will take you to honeypot solutions, or utilities that allow you to build your own honeypots. This is where the real fun begins.
PatriotBox. A commercial, easy-to-use low-interaction honeypot designed for Windows.
KFSensor. A powerful and easy to use low-interaction Windows honeypot, designed primarily for detection. Extensive capabilities, including NetBIOS simulation and interoperability with Honeyd scripts. Free evaluation copies.
NetBait: A very novel and powerful commercial solution. NetBait can be a product or service. Either way, it operates by redirecting attacks against unused IP space to ‘honeypot farms’.
ManTrap: Now called Decoy Server, ManTrap is a high-interaction honeypot sold by Symantec. ManTrap is unique in that it provides complete operating systems for attackers to interact with, capturing their every action. ManTrap has outstanding data collection capabilities. Currently only runs on Solaris.
Specter: Specter is a low-interaction honeypot designed to run on Windows. It can emulate 13 different operating systems, monitor up to 14 TCP ports, and has a variety of configuration and notification features. One of Specter’s greatest strengths is its ease of use.
OpenSource / Free Honeypots
Bubblegum Proxypot. An open proxy honeypot for deceiving and detecting spammers.
Jackpot. An open relay honeypot, also aimed at spammers.
BackOfficer Friendly: BOF is a free Windows based honeypot designed to be used as a burglar alarm. Written by Marcus Ranum and the NFR folks in 1998, BOF is extremely easy to use and runs on any Windows platform. However, it is very limited and can listen on only 7 ports. If you have never installed a honeypot before, this is a great place to start.
Bait-n-Switch. Not really a honeypot. Instead, a technology that directs all non-production or unauthorized traffic to your honeypots. Very powerful concept.
Bigeye. A low-interaction honeypot that emulates several services.
HoneyWeb. Emulates different types of webservers. Can dynamically change itself based on the type of requests.
Deception Toolkit: DTK was the first OpenSource honeypot, released in 1997. Written by Fred Cohen, DTK is a collection of Perl scripts and C source code that emulates a variety of listening services. Its primary purpose is to deceive human attackers. This tool is dated, but one of the first honeypots ever released.
LaBrea Tarpit: This OpenSource honeypot is unique in that it is designed to slow down or stop attacks by acting as a sticky honeypot. It can run on Windows or Unix.
Honeyd: This is a powerful, low-interaction OpenSource honeypot, released by Niels Provos in 2002. Honeyd, written in C and designed for Unix platforms, introduces a variety of new concepts, including the ability to monitor millions of unused IPs, spoof IP stacks, and simulate hundreds of operating systems, all at the same time. It also monitors all UDP and TCP based ports.
You can try out Honeyd with the Honeyd Linux Toolkit, a toolkit containing all the configuration files, precompiled static binaries, and startup scripts to get Honeyd instantly up and running on your Linux computer. Based on Honeyd 0.5 with patch 001.
The Brazilian Honeynet Project has developed a Honeyd bootable CDROM. They are using it for large scale deployments of Honeyd. It's very exciting stuff; I recommend you check out their work.
Honeynets: These are entire networks of systems designed to be compromised. Honeynets are the most complex of honeypot solutions and have the greatest risk. However, they can also capture the most information of any honeypot.
Sendmail SPAM Trap. This honeypot identifies Spammers and captures their SPAM, without relaying it to any victims. Best of all, VERY easy to set up!
Tiny Honeypot. Written by George Bakos, Tiny Honeypot is unique in that it always appears vulnerable. No matter what attack a hacker launches, it will appear successful. Great tool for collecting all sorts of information on the bad guys.
If the underlying state proceedings do not afford plaintiffs a meaningful opportunity to present their federal claims, then abstention is not appropriate.
Gov. Bev Perdue’s Campaign Fund
Table of Exhibits of Violations
1. In 2006, anonymous loans to Perdue campaign fund totaling $296,500.
2. In 2007, loan of $275,000 from corporation Right Stuff Food Stores.
3. Undisclosed loans of $776,500 allegedly from Perdue & Eave’s personal accounts to campaign fund from 2000-2008.
4. Perdue’s Q3-2008 shows loans of $905,000 from Perdue and Right Stuff Food Stores to campaign.
5. Perdue’s 2009 mid-year semi-annual campaign report alleging loans of $926,500 made from Perdue and her husband to Perdue’s campaign fund.
6. Perdue 2010 mid-year semi-annual report stating loan balance of $776,500 due from Perdue campaign to Perdue and her husband, but no documentation to explain discrepancy of 2009 balance of $926,500 and 2010 balance of $776,500.
7. News article stating that Perdue campaign fund spent $80,000 on legal defense in 2012.
8. News article stating that NC GOP leader Tom Fetzer asked DA Willoughby to investigate Gov. Perdue’s campaign fund in 2010.
9. Correspondence from NC Controller’s office stating that the NC State Bar doesn’t report its IOLTA Trust Fund to NC Controller in accordance with Article 3, fiscal duties of state agencies.
10. § 143C 2 1. Governor is Director of the Budget.
11. NC Senate Bill 272 allowing the NC State Bar to evade taxes on its IOLTA trust fund, signed by Perdue, Dalton and Tillis
12. NCGS 163-238: Duty of NC SBE to report campaign violations to District Attorney.
13. NCGS 163.278.14: No anonymous campaign contributions.
14. NCGS 163.278.15: No acceptance of contributions by corporations.
15. NCGS 163.278.16B: Legal defense fund separate from campaign fund.
16. NCGS 163.278(h): The campaign treasurer shall maintain all moneys of the political committee in a bank account or bank accounts used exclusively by the political committee and shall not commingle those funds with any other moneys.
17. NCGS 163.278.32: False information pertaining to campaign funds is Class I Felony.
18. 18 USC 1956(h): Aiding and abetting evasion of a reportable transaction (NC Senate Bill 272/IOLTA).