04-13-2004 10:44 PM
Honey pot
My project is about honeypots, but I have no idea about them.
I'd like to know:
1. Which language is better to write a honeypot?
2. How can I sniff packets from the network?
3. How can I understand which packet is an intrusion and which is not?
4. How can I learn from the intrusions and save them?
Can anybody help me?
Thank you in advance.
04-13-2004 11:03 PM
Re: Honey pot
1) I'd use Ethereal as a sniffer; it's free.
2) I'd use iptables as a firewall; it's free and more widely supported.
3) This is partially based on experience, but packets originating from unauthorized sources are bad. To figure this out, you need to know your network environment.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
04-13-2004 11:51 PM
Re: Honey pot
04-14-2004 12:00 AM
Re: Honey pot
A honeypot is a system connected to an insecure network, hosting (fakely vulnerable) virtual network services and logging all network and system activities to a secure log server.
The idea is to attract hackers to hack our honeypot. The objectives are to study and analyze the latest exploits used by hackers, obtain forensic data and to divert hackers from production servers.
Hackers must be misled by the honeypot as a real system to hack, and the greatest design challenge of a honeypot is its level of deception in the eyes of hackers.
You can write a honeypot in any language. The secure coding and logic are the major concerns. C and C++ are recommended over Perl considering coding standards and performance.
In a honeypot you need not sniff the packets, as the traffic must be point-to-point, viz. from the honeypot to the hacker's system. But you can have implementations where the honeypot must spoof and answer traffic to unused IP addresses in a subnet using ARP spoofing methods. In these cases use socket APIs like libnet etc. to inject ARP packets.
Activities in a honeypot need to be classified (intrusive or non-intrusive) before logging. All activities must be logged.
After logging, it will be the work of the forensic analyst or an automated log parser to analyze the logs in the log server for categorization based on attacks. To learn about intrusions you must study the attack pattern databases available at cert.org and sans.org, and must be able to correlate the attacks in real-time situations.
regards,
U.SivaKumar
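A minimal sketch of the design described in the post above, added here as an example and not part of the original thread: a low-interaction listener that presents a fake service banner, classifies what each client sends, and logs every connection as one JSON line. The banner, the marker list and all function names are assumptions made for illustration, and Python is used for brevity.

```python
import json, socket, socketserver, threading, time

# Constructed marker list and banner, for illustration only.
INTRUSIVE_MARKERS = (b"/bin/sh", b"../", b"\x90\x90\x90\x90")
FAKE_BANNER = b"220 ftp.example.test FTP server ready\r\n"

def classify(payload: bytes) -> str:
    """Label a payload as intrusive or non-intrusive before it is logged."""
    hit = any(marker in payload for marker in INTRUSIVE_MARKERS)
    return "intrusive" if hit else "non-intrusive"

def build_record(src: str, sport: int, payload: bytes) -> dict:
    """One log entry per connection; payload is hex-encoded so it stays inert."""
    return {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "src": src, "sport": sport,
            "payload_hex": payload.hex(), "class": classify(payload)}

class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(5)          # do not let a silent client hold a thread
        self.request.sendall(FAKE_BANNER)   # present the fake service
        try:
            payload = self.request.recv(4096)
        except OSError:                     # timeout or reset: log the contact anyway
            payload = b""
        record = build_record(*self.client_address[:2], payload)
        self.server.sink(json.dumps(record))  # every activity is logged

def start_honeypot(host: str, port: int, sink):
    """Run the listener in a background thread; sink gets one JSON line per client."""
    server = socketserver.ThreadingTCPServer((host, port), HoneypotHandler)
    server.daemon_threads = True
    server.sink = sink
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(port: int, data: bytes) -> bytes:
    """Loopback test client standing in for a remote visitor."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        banner = s.recv(1024)
        s.sendall(data)
    return banner

if __name__ == "__main__":
    srv = start_honeypot("127.0.0.1", 0, print)
    probe(srv.server_address[1], b"USER anonymous\r\n")
    time.sleep(0.5)   # give the handler time to log before the process exits
    srv.shutdown()
```

In a deployment the `sink` callable would forward each line to the remote log server (for example through `logging.handlers.SysLogHandler`) instead of printing it locally.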
04-14-2004 05:05 AM
Re: Honey pot
http://www.securityfocus.com/infocus/1659
might prove a good starting point. Do not try to cheat and use the program given there; from what I have heard the guys at MIT are not idiots and would catch you ;-)
Greetings, Martin
04-14-2004 08:22 AM