My Tryst with Honeypots & Honeyd

Currently i am doing some research work on Honeypots. This is part of my internship course for my masters. It’s based on a computing technology called Honeypots. Honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network but which is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource that would be of value to attackers. 1

There will be basically two Scenarios

Scenario 1: I will be initially setting up a controlled environment with 3 attacking systems and a honeypot.  Then i would try to simulate some attacks on the honeypot from the client systems. This will help me in knowing how the honeypot saves/records all the attacks/activities in it’s log files. Based on the types of attacks i launch and the corresponding log files generated i can be able to analyze them to see the pattern associated with an attack and it’s corresponding log files generated.

Scenario 2: In this scenario, i will release the honeypot into the wild (SICSR WiFi network).. and regularly monitor it and see how it “interacts”  with the network. You can check out this network diagram to get a clearer picture  network diagram

Presently  I am still in scenario 1. I will be setting up the honeypots using Open source software. The Operating System of my choice is obviously Ubuntu and the Honeypot software i will be using is Honeyd . I will keep you updated as my work progresses.

For more information on Honeypots you can check out these links.

1. http://www.spitzner.net/honeypots.html

2. http://www.tracking-hackers.com/

3. http://www.honeypots.net/

4. http://www.rootprompt.org/article.php3?article=210

5. http://project.honeynet.org/