Results for HoneyPot

HoneyPot : Intrusion detection and Malware analysis.

Monday, September 06, 2010
In a few of my posts we have discussed what a honeypot is all about. It is basically used for intrusion detection and malware analysis. It comes in different software packages for different platforms such as Windows, Linux etc. The different types of software available are.... (click here).

How to install HoneyPot?

I have written a guest post on "how to install honeypot?" in Hackers Enigma. Read it here.
If you find this post useful then do comment there, it will be appreciated... :)
Reviewed by Satyajit (Admins, a.k.a Satosys) on Monday, September 06, 2010 Rating: 5

HoneyPot: Intrusion Detection System (Software)

Thursday, August 05, 2010
"Honeypot"... yes, the name may seem bizarre in the context of intrusion detection, but it is an intrusion detection system, or you may say a trap to attract an attacker. It can also be used to analyse the different types of malware attacking your system. In one of my posts I published an article on "What is a honeypot?"; you may go through it for the details of the functionality.
In this post we will see what software is available.

1. KFSensor: It is a Windows-based intrusion detection tool. It has many features like signature attack identification, remote administration, detection of Windows networking attacks, advanced server simulation etc. It requires WinPcap to be installed. The trial version is available for download here.

2. HoneyBot: Atomic Software Solutions provides a Windows-based honeypot which is very user friendly. It works on almost all the listening ports of the PC and is designed to mimic vulnerable services. It can be downloaded from here along with the user guide.

3. PatriotBox: It is also a Windows-based tool. It is one of the simplest honeypot solutions available. It has features like invisible monitoring, comprehensive attack detection etc. It is also available in a trial version here.

4. Specter: It is a very effective honeypot solution. It makes the PC look like a vulnerable target to hackers, which in fact it is not; the hackers are attracted by it and leave their traces. It also provides FTP, SMTP, POP3 etc.
Website: http://www.specter.com

5. LaBrea: I have not tested this but it is a multi-platform tool. It has been tested on Linux, Win, Solaris etc. For more information on this tool visit here.

6. HoneyD: It can be used on Linux, Win, Solaris. It has features like subsystem virtualisation, simulation of the OS at the TCP/IP stack level, proxy connect etc. For more information about this tool visit here.

If you find this post worth reading then do drop a comment, it will be appreciated... :)

Reviewed by Satyajit (Admins, a.k.a Satosys) on Thursday, August 05, 2010 Rating: 5

What is HoneyPot?

Saturday, June 19, 2010
A honeypot is a trap: just as bears are attracted to honey, a honeypot is designed to attract hackers and black hat people. Honeypots are used specifically for the following purposes:

1. Warning about a future attack.

2. Monitoring the activity of an attacker.

3. Learning the method of attack used by the attacker.

4. Creating a virtual environment to mislead the attacker.

5. Malware analysis, where they are also very useful.

A honeypot consists of a single computer that appears to be part of a network, but is actually isolated and protected. Honeypots are designed to contain vital information that would be of use to the attacker, so that he/she will be attracted to it. Honeypots can be more than one computer. When an entire network is designed this way, it is called a honeynet. A honeynet is two or more honeypots. While the attacker is inside, the ethical hackers can monitor the attacker's every move without him knowing. One of the key concepts of the honeypot is data control. The ethical hacker must be able to prevent the attacker from using the honeypot as a launching point for attacks and keep him confined to the honeypot. To help ensure that the attacker can't access the internal network, honeypots can be placed on their own segment of the network.

A great resource for information about honeypots is "The Honeynet Project," which can be found at www.honeynet.org

Types of Honeypots:

Both high interaction and low interaction honeypots are available. Low interaction honeypots work by emulating services and programs that would be found on an individual's system. If the attacker does something that the emulation does not expect, the honeypot will simply generate an error. High interaction systems are not a piece of software or a product; they are an entire system or network of computers. The idea is to have a controlled area in which the attackers can interact with real applications and programs. High interaction honeypots rely on the border devices to control traffic so that attackers can get in, but outbound activity is tightly controlled.
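To make the low interaction idea concrete, here is an added example (not from the original post and not taken from any of the products listed): a small Python listener that emulates only an FTP greeting and login dialogue, records every command it receives, and answers anything unexpected with an error. The class name, banner text, in-memory `EVENTS` log and the `replay` helper are assumptions made for this illustration.

```python
import socket
import socketserver
import threading
import time

EVENTS = []  # in-memory event log; a real deployment would ship this off-host

class FakeFTP(socketserver.StreamRequestHandler):
    """Emulates only the FTP greeting and login dialogue (constructed example)."""
    timeout = 5  # seconds before an idle connection is dropped

    def handle(self):
        self.wfile.write(b"220 FTP server ready\r\n")
        while True:
            try:
                line = self.rfile.readline(512)
            except OSError:
                break
            if not line:
                break
            cmd = line.decode("latin-1").strip()
            EVENTS.append({"ts": time.time(), "src": self.client_address[0], "cmd": cmd})
            verb = cmd.split(" ", 1)[0].upper()
            if verb == "USER":
                self.wfile.write(b"331 Password required\r\n")
            elif verb == "PASS":
                self.wfile.write(b"530 Login incorrect\r\n")
            elif verb == "QUIT":
                self.wfile.write(b"221 Goodbye\r\n")
                break
            else:
                # Anything the emulation does not expect just gets an error.
                self.wfile.write(b"500 Command not understood\r\n")

def start_honeypot(host="127.0.0.1", port=0):
    srv = socketserver.ThreadingTCPServer((host, port), FakeFTP)  # port 0 = any free port
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def replay(port, lines):  # constructed client used to exercise the emulation
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        f = s.makefile("rwb")
        replies = [f.readline()]
        for line in lines:
            f.write(line + b"\r\n")
            f.flush()
            replies.append(f.readline())
    return replies
```

Every login attempt is rejected, so the only thing the listener produces is the event log, which is the data a low interaction honeypot exists to collect.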

A variety of honeypot types are available; some are commercial products, and others are open source. The following is a partial list of some of these honeypots:

Kfsensor: www.keyfocus.net/kfsensor

Netbaitinc: www2.netbaitinc.com:5080/products/nbserv_faq.shtml

PatriotBox: www.alkasis.com/?fuseaction=products.info&id=20

Specter: www.specter.com

Open source:

BackOfficer Friendly: www.nfr.com/resource/backOfficer.php

LaBrea Tarpit: http://labrea.sourceforge.net

Honeyd: www.honeyd.org

Tiny Honeypot: www.alpinista.org/thp

There are some items to consider before setting up and running a honeypot. One risk is that the attacker will break free of the honeypot and use it to attack other systems. There is also a certain amount of time and effort that has to be put into setting up, configuring, and monitoring the honeypot. One of the biggest concerns is that the attacker might figure out that the honeypot is not a real target of interest and quickly turn his interest elsewhere. Any defensive mechanism must be measured by the cost to install, configure, and maintain versus the amount of benefits the system will provide.

Attackers can attempt to determine that a honeypot is not a real system by probing the services. As an example, an attacker might probe port 443 and see that it is open. However, if a Secure Sockets Layer (SSL) handshake is attempted, how will the honeypot respond? Remember that some protocols go through a handshake procedure. A low interaction honeypot might only report the port as open but not have the capability to complete the proper handshake process.

As an example, during the SSL connection, the client and server exchange credentials and negotiate the security parameters. If the client accepts the server's credentials, a master secret is established and used to encrypt all subsequent communications.
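A honeypot operator can check their own deployment for this tell before exposing it. The following added example (not from the original post) classifies a listener as closed, open without a working handshake, or able to complete a TLS handshake; the function names and the loopback stand-in listener are assumptions made for this illustration.

```python
import socket
import ssl
import threading

def tls_fidelity(host, port, timeout=3.0):
    """Classify a listener as 'closed', 'open-no-tls' or 'tls-ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Certificate validation is deliberately off: the only question is
    # whether the service can complete a handshake at all.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "tls-ok" if tls.version() else "open-no-tls"
    except (ssl.SSLError, OSError):
        # Port accepted the connection but no valid ServerHello came back.
        return "open-no-tls"
    finally:
        raw.close()

def start_port_only_listener():
    """Constructed stand-in for a low interaction service: accepts, then hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    listener = start_port_only_listener()
    print(tls_fidelity("127.0.0.1", listener.getsockname()[1]))
```

A result of `open-no-tls` on a port that is supposed to look like HTTPS means the emulation will not survive the handshake test described above.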

Send-safe, Honeypot Hunter, Nessus: all three of these can be used to probe targets to help determine whether they are real. Nessus, one of the tools listed previously, has the capability to craft the proper SSL response so that it can probe services such as HTTP over SSL (HTTPS), SMTP over SSL (SMTPS), and IMAP over SSL (IMAPS).

If you find this post useful and informative do post your comment and share it.
Reviewed by Satyajit (Admins, a.k.a Satosys) on Saturday, June 19, 2010 Rating: 5