Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Honey pot

Pooyan
Occasional Visitor

Honey pot

I'm student of MIT,
My project is about Honey pot but I have no idea about that.
I'd like to know:
1.Which language is better to write a honey pot?
2.How can I sniff packets from the network.
3.How can I understand which packet is intrusion and which is not?
4.How can I learn from the intrusions and save them?
anybody help me?
thank you inadvance
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: Honey pot

As i recall honeypot is a fire/wall/network type package

1) I'd use ethereal as a sniffer its free
2) I'd use iptables as a firewall, its free and more widely supporeted.

3) This is partially based on experience, but packets originating from anauthorized sources are bad, to figure this out, you need to know your network environment.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Robert-Jan Goossens
Honored Contributor

Re: Honey pot

Hi,

Check this article,

http://www.awprofessional.com/articles/article.asp?p=23948

Regards,
Robert-Jan
U.SivaKumar_2
Honored Contributor

Re: Honey pot

Hi,

Honeypot is a system connected to Insecure network hosting (fakely vulnerable)virtual network services and logging all network and system activities to a secure log server.

The idea is to attract hackers to hack our honeypot. The objectives are to study and analyze the latest exploits used by hackers, obtain forensic data and to divert hackers from production servers.

hackers must be misled by the honeypot as a real system to hack and the greatest design challenge of a Honeypot is it's level deception in the eyes of hackers.

You can write a honeypot in any language. The secure coding and logic are the major concerns. C and C++ recommended over perl considering coding standards and performance.

In a honeypot you need not sniff the packets as the traffic must be point-to-point. viz. from the honeypot to hackers system. But you can have implementations where honeypot must spoof and answers traffic to unused IP addresses in a subnet using ARP spoofing methods. In this cases use socket APIs like libnet etc to inject ARP packets.

Activities in honeypot needed be classified ( intrusive or non-intrusive ) before logging. All activities must be logged.

After logging , it will be the work of the forensic analyst or automated log parser to analyze the logs in the log server for categorization based on attacks. To learn about intrusions you must study the attacks pattern databases available in cert.org, sans.org and must be able to correlate the attacks in realtime situations.

regards,

U.SivaKumar







Innovations are made when conventions are broken
Martin P.J. Zinser
Honored Contributor

Re: Honey pot

Hello,

http://www.securityfocus.com/infocus/1659

might proof a good starting point. Do not try to cheat and use the program given there, from what I have heard the guys at MIT are not idiots and would catch you ;-)

Greetings, Martin
Olivier Drouin
Trusted Contributor

Re: Honey pot

honeynet.org