Honeypot

A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot.

Deploying a physical honeypot is often time intensive and expensive as different operating systems require specialized hardware and every honeypot requires its own physical system. This paper presents Honeyd, a framework for virtual honeypots that simulates virtual computer systems at the network level.

The simulated computer systems appear to run on unallocated network addresses. To deceive network-fingerprinting tools, Honeyd simulates the networking stack of different operating systems and can provide arbitrary routing topologies and services for an arbitrary number of virtual systems.

Honeypot simulates network services by opening servers at user-specified ports on a network computer. The port/service appears to exist and be open to an attacker or trojan. Once an attacker connects to the service, his IP address is logged and he could even be denied any access to the computer if the system uses a firewall that supports dynamic blacklisting. Honeypot has been developed to work with Shorewall, but should work with any firewall that has the ability to blacklist an IP address using a shell command or adding entries to text files. All attacks against Honeypot are logged with the time of the attack, attacker IP and attacker hostname.



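Added example, not part of the original post and not the Honeypot tool's own code: a minimal Python sketch of the mechanism the post describes, with decoy listeners that log time, source IP and hostname and build a firewall blacklist command. The port numbers, the allowlist and the use of `shorewall drop` as the blacklist command are assumptions; the sketch also validates the address and sanitises the reverse-DNS name, since both end up in a command line and a log.

```python
import ipaddress
import socket
import subprocess
import threading
from datetime import datetime, timezone

# Assumptions for this sketch: decoy ports, allowlist and firewall command.
DECOY_PORTS = [2323, 8081]
NEVER_BLOCK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
BLOCK_ARGV = ["shorewall", "drop"]  # address is appended as its own argv item


def sanitise(name):
    """PTR records are controlled by the remote side; keep only hostname characters."""
    clean = "".join(c if c.isascii() and (c.isalnum() or c in ".-") else "?" for c in name)
    return clean[:253] or "-"


def log_line(when, ip, hostname, port):
    """One record per connection: time, decoy port, source IP, source hostname."""
    return f"{when.isoformat()} port={port} src={ip} host={sanitise(hostname)}"


def block_argv(ip):
    """Return the blacklist command as an argv list, or None for allowlisted peers."""
    addr = ipaddress.ip_address(ip)  # ValueError for anything that is not an IP
    if any(addr in net for net in NEVER_BLOCK):
        return None  # never lock out local or management addresses
    return BLOCK_ARGV + [str(addr)]


def serve(port, enforce=False):
    with socket.create_server(("0.0.0.0", port)) as srv:
        while True:
            conn, (ip, _) = srv.accept()
            conn.close()  # nothing real runs here; the connection is the signal
            try:
                host = socket.gethostbyaddr(ip)[0]
            except OSError:
                host = "-"
            print(log_line(datetime.now(timezone.utc), ip, host, port), flush=True)
            argv = block_argv(ip)
            if enforce and argv:
                subprocess.run(argv, check=False)  # no shell, so no injection


if __name__ == "__main__":
    for p in DECOY_PORTS:
        threading.Thread(target=serve, args=(p,)).start()
```

With `enforce` left at `False` the listeners only log, which is a safe way to review what would be blocked before letting the firewall command run.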