(formerly Encyclopedic directory)
Honeypots and Honeynets

Honeypot

A honeypot is a computer system or software intended to attract hostile activity such as cracking or spamming, by masquerading as a vulnerable system. It is a computer security tool used to gather information about attackers and their techniques. Honeypots can distract adversaries from more valuable machines on a network, provide early warning about new attack and exploitation trends, and allow in-depth examination of adversaries during and after exploitation of a honeypot.

A honeypot is also a fake website or chatroom set up to trap users with other criminal intent, e.g., regarding child pornography, as in Operation Pin.

Spam Honeypots

Spammers are known to abuse vulnerable resources such as open mail relays and open proxies. Some system administrators have created honeypot programs which masquerade as these abusable resources in order to discover the activities of spammers.

Open relay honeypots include Jackpot, written in Java, and smtpot.py, written in Python. The Bubblegum Proxypot is an open proxy honeypot (or proxypot).

The term "honeypot" is believed to come from the Winnie the Pooh stories, in which Pooh finds himself stuck inside a pot of honey which he intended to eat.

Security Honeypots

Programs such as Fred Cohen's Deception Toolkit masquerade as vulnerable network services. When an attacker connects to a service and attempts to break in, the program simulates weakness but does not allow the attacker to actually gain control of the system. By logging the attacker's activity, such a system gathers information about the attacks being used, as well as the attacker's own IP address and other information.

The Honeynet Project is a research project deploying networks of honeypot systems ("honeynets") to gather extensive information about "the tools, tactics, and motives" of computer criminals.


A honeypot is another name for the plant king protea.


For the "tourist trap" meaning, see honeypot (geography).



HoneyNet Project
A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned.
http://project.honeynet.org/

Honeyd
Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris.
http://www.citi.umich.edu/u/provos/honeyd/

Honeypots: Tracking Hackers
White papers, mailing list and other resources related to honeypots.
http://www.tracking-hackers.com/

Honeypots
Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues.
http://www.honeypots.net/

SourceForge.net: Project - HoneyView
A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.
http://sourceforge.net/projects/honeyview

Deception ToolKit (DTK)
A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.
http://all.net/dtk/index.html

SecurityFocus: Dynamic Honeypots
Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network.
http://www.securityfocus.com/infocus/1731

SecurityFocus: Fighting Internet Worms With Honeypots
This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks.
http://www.securityfocus.com/infocus/1740

SecurityFocus: Honeytokens - The Other Honeypot
This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network.
http://www.securityfocus.com/infocus/1713

Honeypots
An introduction to honeypots, the different types, and their value.
http://www.tracking-hackers.com/papers/honeypots.html

An Evening with Berferd
A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992.
http://all.net/books/berferd/berferd.html

SecurityFocus: Problems and Challenges with Honeypots
Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker.
http://www.securityfocus.com/infocus/1757

MastaHackaWannabeAnalajza
Provides visualization of hack attempts against a honeypot server. Reports include attack intensity over time and attack types. Based on IDS data produced by snort.
http://rudolf.sytes.net/en/

RedHat Linux 6.2 Honeypot Analysis
Incident analysis for a compromised default honeypot installation of RedHat Linux 6.2. Includes design, configuration and log details for the compromised machine.
http://www.holcroft.org/honeypot/

Bubblegum proxypot
An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer.
http://world.std.com/~pacman/proxypot.html

SecurityFocus: Wireless Honeypots
Article discussing the use of honeypot technology to combat attacks on wireless networks.
http://www.securityfocus.com/infocus/1761

The Distributed Honeypot Project
The goal of this project is to organize dispersed honeypots across the Internet and share findings with the security community.
http://www.lucidic.net/

SecurityDocs - Honeypots
Directory of articles, white papers, and documents on honeypots and other security topics.
http://www.securitydocs.com/Intrusion_Detection/Honeypots

Honeynet.BR
Brazilian Honeypots Alliance. Includes tools to summarize honeyd logs, mydoom.pl (a Perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot.
http://www.honeynet.org.br/

Sombria Honeypot System
A honeypot system and "Honeypot Exchange Program."
http://www.lac.co.jp/security/csl/intelligence/sombria_e/index.html

Honey Web
An Active Server Pages (ASP) compliant web server honeypot that detects common attacks against web servers and logs the requests in a real-time viewer. It can recognize buffer overflows, denial of service attacks, directory traversal attacks, SQL injection attacks, XSS attacks, and session hijacking attacks.
http://honeyweb.sourceforge.net/

Honeynet Security Console (HSC)
HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs.
http://www.activeworx.org/

SCADA HoneyNet Project
SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).
http://scadahoneynet.sourceforge.net/

EruditeAegis.net - Papers on Honeypot technology
Connection Redirection Applied to Production Honeypot.
http://www.eruditeaegis.net/papers.php

fakeAP
Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
http://www.blackalchemy.to/project/fakeap/

Florida Honeynet Project
The Florida Honeynet Project is a not for profit, all volunteer organization dedicated to honeynet research.
http://www.floridahoneynet.org/

Honeypots: Monitoring and Forensics Project
Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics.
http://honeypots.sourceforge.net/

Honeypotting with VMware
An article about how to use VMware to produce honeypots to catch system intruders.
http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html

Linux Kernel Patches
Kernel logging patches for the honeynet project.
http://axehind.com/

Deploying and Using Sinkholes
Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot.
http://www.arbornetworks.com/research_presentations.php

SecurityFocus: Fighting Spammers With Honeypots
This paper evaluates the usefulness of using honeypots to fight spammers.
http://www.securityfocus.com/infocus/1747

Talisker Honeypots
Web page summarizing different commercial and freeware honeypots.
http://www.securitywizardry.com/honeypots.htm

Back Officer Friendly
Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2.
http://www.nfr.com/resource/backOfficer.php

LaBrea Tarpit
A program that creates a tarpit or, as some have called it, a "sticky honeypot".
http://labrea.sourceforge.net/

Tiny Honeypot
A very simple honeypot taking up a total of 21k.
http://alpinista.dyndns.org/files/thp/

SecurityFocus: Honeypot Farms
This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms.
http://www.securityfocus.com/infocus/1720

Honeypot + Honeypot = Honeynet
Article discussing the creation of the Honeynet Project.
http://www.eweek.com/article2/0,4149,1244323,00.asp

The Bait and Switch Honeypot System
A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data.
http://violating.us/projects/baitnswitch/



Open Directory Project (modified)

Modified contents copyright 2008. All rights reserved.