What is HoneyPot?

It is a trap as bears are attracted to honey in the same way a honeypot is designed to attract hackers and black hat people.They are used specifically for the following purposes:

1.Warn about a future attack.

2.Monitoring the activity of an attacker

3.Inorder to know the way of attack used by the attacker.

4.Creating a virtual environment to mislead the attack.

5.It is also very useful in malware analysis.

A honeypot consists of a single computer that appears to be part of a network, but is actually isolated and protected. Honeypots are designed to contain vital information that would be of use to the attacker and he/she will be attracted to it. Honeypots can be more than one computer. When an entire network is designed ,
it is called a honeynet. A honeynet is two or more honeypots. During this time,the ethical hackers can monitor the attacker's every move without him knowing. One of the key concepts of the honeypot is data control. The ethical hacker must be able to prevent the attacker from being able to use the honeypot as a launching point for attack and keep him bind in the honeypot. To help ensure that the hacker can't access the internal network, honeypots can be placed on their own segment of the network
A great resource for information about honeypots is "The Honeynet Project," which can be found at www.honeynet.org

Types of Honeypots:

High interaction and low interactions are available. Low interaction honeypots work by manipulating services and programs that would be found on an individual's system.If the attacker does something that the emulation does not expect, the honeypot will simply generate an error. High interaction systems are not a piece of software or product. High interaction honeypots are an entire system or network of computers. The idea is to have a controlled area in which the attackers can interact with real applications and programs. High interaction honeypots rely on the border devices to control traffic so that attackers can get in, but outbound activity is tightly controlled.

A variety of honeypot types are available; some are commercial products, and others are open source.The following is a partial list of some of these honeypots:

Kfsensor: www.keyfocus.net/kfsensor

Netbaitinc: www2.netbaitinc.com:5080/products/nbserv_faq.shtml

PatriotBox: www.alkasis.com/?fuseaction=products.info&id=20

Specter: www.specter.com

Open source:

BackOfficer Friendly: www.nfr.com/resource/backOfficer.php

LeBrea Tarpit: http://labrea.sourceforge.net

Honeyd: www.honeyd.org

Tiny Honeypot: www.alpinista.org/thp

There are some items to consider before setting up and running a honeypot. One is that the attacker will break free of the honeypot and use it to attack other systems. There is also a certain amount of time and effort that has to be put into setting up, configuring, and monitoring the honeypot. One of the biggest concerns is that the attacker might figure out that the honeypot is not a real target of interest and quickly turn his interest elsewhere. Any defensive mechanism must be measured by the cost to install, configure, and maintain versus the amount of benefits the system will provide.

Attackers can attempt to determine that a honeypot is not a real system by probing the services. As an example, an attacker might probe port 443 and see that it is open. However, if a Secure Sockets Layer (SSL) handshake is attempted, how will the honeypot respond? Remember that some protocols go through a handshake procedure. A low interaction honeypot might only report the port as open but not have the capability to complete the proper handshake process.

As an example, during the SSL connection, the client and server exchange credentials and negotiate the security parameters. If the client accepts the server's credentials, a master secret is established and used to encrypt all subsequent communications.

Send-safe ,Honeypot Hunter ,Nessus all three of these can be used to probe targets to help determine whether they are real. Nessus, one of the tools listed previously, has the capability to craft the proper SSL response so that it can probe services such as HTTP over SSL (HTTPS), SMTP over SSL (SMPTS), and IMAP over SSL (IMAPS). If you find this post useful and informative do post your comment and share it.
What is HoneyPot? What is HoneyPot? Reviewed by Satyajit (Admins,a.k.a Satosys) on Saturday, June 19, 2010 Rating: 5

3 comments:

Anonymous said...

nice post keep it up...for the first time i have coem across such term.... :)

Helson Su said...

I have searching for this information, and I get it..thanks you

Anonymous said...

I have read so many articles about the blogger lovers but this post is actually a fastidious piece
of writing, keep it up.

Powered by Blogger.