-: Honeypots :-
"Honeypot is a trap set to detect, deflect, or in some manner counteract
attempts at unauthorized use of information systems." -Wikipedia
"Honeypot is an information system resource whose value lies in
unauthorized or illicit use of that resource." -Lance Spitzner
Unlike firewalls or Intrusion Detection Systems, honeypots do not
solve a specific problem. Instead, they are a highly flexible tool
that comes in many shapes and sizes. They can do everything from detecting
encrypted attacks in IPv6 networks to capturing the latest in on-line
credit card fraud. It is this flexibility that gives honeypots their
true power. It is also this flexibility that can make them challenging
to define and understand.
Types of Honeypots :-
Low-Interaction Honeypot:- Low-interaction honeypots
have limited interaction; they normally work by emulating services
and operating systems. Attacker activity is limited to the level of
emulation by the honeypot. These honeypots tend to be easier to deploy
and maintain, with minimal risk. Examples of low-interaction honeypots
include Specter, Honeyd, and KFSensor.
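The low-interaction idea described above, as an added example (not code from the original page or from any of the tools it lists): a listener that emulates only an FTP-style greeting and one canned refusal, and logs whatever the peer sent. The banner text, port 2121, loopback bind address and function names are assumptions made for illustration.

```python
import json
import socket
import time

# Constructed banner for the emulated service (assumption, not a real product string).
FAKE_BANNER = b"220 ftp.example.test FTP service ready\r\n"
MAX_BYTES = 1024  # cap on how much of the peer's input is read and logged


def handle_connection(conn, peer, timeout=3.0):
    """Emulate one FTP-like exchange and return a log event for it.

    The emulation is a greeting plus one canned refusal. Nothing the peer
    sends is parsed as a command or executed, which is what bounds the risk.
    """
    data = b""
    with conn:
        conn.settimeout(timeout)
        try:
            conn.sendall(FAKE_BANNER)
            data = conn.recv(MAX_BYTES)  # bounded read of the first input
            if data:
                conn.sendall(b"530 Login incorrect.\r\n")
        except OSError:
            pass  # timeout, reset or early close: the contact is still logged
    return {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        "payload": data.decode("latin-1"),  # json.dumps escapes control chars
    }


def serve(host="127.0.0.1", port=2121):
    """Accept connections one at a time and print one JSON event per line."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        while True:
            conn, peer = srv.accept()
            print(json.dumps(handle_connection(conn, peer)), flush=True)


if __name__ == "__main__":
    serve()
```

Because no legitimate user has a reason to connect to this port, every event it prints is worth reviewing, including connections that sent nothing.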
High-Interaction Honeypot:- High-interaction honeypots
are different: they are usually complex solutions, as they involve
real operating systems and applications. Nothing is emulated; we give
attackers the real thing. The advantages of such a solution are
twofold. First, you can capture extensive amounts of information.
By giving attackers real systems to interact with, you can learn the
full extent of their behavior. The second advantage is that high-interaction
honeypots make no assumptions about how an attacker will behave. Instead,
they provide an open environment that captures all activity. However,
this also increases the risk of the honeypot, as attackers can use
these real operating systems to attack non-honeypot systems. As a result,
additional technologies have to be implemented that prevent the attacker
from harming other non-honeypot systems. High-interaction honeypots can
also be more complex to deploy and maintain. Examples of high-interaction
honeypots include Symantec Decoy Server and Honeynets.
[Figure: Typical Honeypot Model]
Honeypot Software :-
- Argos by Georgios Portokalidis, Herbert Bos
- Back Officer Friendly by NFR Security
- Bait N Switch Honeypot by Team Violating
- BigEye by Team Violating
- FakeAP by Black Alchemy Enterprises
- GHH - The "Google Hack" Honeypot by Ryan McGeehan
- HOACD by Honeynet.BR Project
- HoneyBOT by Atomic Software Solutions
- Honeyd by Niels Provos
- Honeyd Development site by Niels Provos
- Honeyd for Windows by Michael A. Davis (port)
- Honeynet Security Console for Windows 2000/XP by
- HoneyPerl by Brazilian Honeypot Project (HoneypotBR)
- HoneyPoint by MicroSolved, Inc.
- Honeywall CD-ROM by The Honeynet Project
- HoneyWeb by Kevin Timm
- Impost by sickbeatz
- Jackpot Mailswerver by Jack Cleaver
- KFSensor by Keyfocus
- Kojoney by Jose Antonio Coret
- LaBrea Tarpit by Tom Liston
- NetBait by NetBait Inc.
- NetFacade by Verizon
- OpenBSD's spamd by OpenBSD Team
- ProxyPot by Alan Curry
- Sandtrap by Sandstorm Enterprises, Inc.
- Single-Honeypot by Luis Wong and Louis Freeze
- Smoke Detector by Palisade Systems Inc.
- SMTPot.py by Karl A. Krueger
- Spamhole by Dr. Uid
- Spampot.py by Neale Pickett
- Specter by Netsec
- SWiSH by Canned Ham
- Symantec Decoy Server (formerly ManTrap) by Symantec
- Tiny Honeypot (thp) by George Bakos
- The Deception Toolkit by Fred Cohen & Associates
- User-Mode Linux (UML) by Jeff Dike
© 2019 Insecure Lab, India.