[manu]

Hai,

What is called HONEYPOT systems?.. You might have got doubt about his, Hope that I could clear your doubts here.

Honey Pot Systems are decoy servers or systems setup to gather information regarding an attacker or intruder into your system... It is important to remember that Honey Pots do not replace other traditional Internet security systems; they are an additional level or system. .. Honey Pots can be setup inside, outside or in the DMZ of a firewall design or even in all of the locations although they are most often deployed inside of a firewall for control purposes... In a sense, they are variants of standard Intruder Detection Systems (IDS) but with more of a focus on information gathering and deception. ..

A Honey Pot system is setup to be easier prey for intruders than true production systems but with minor system modifications so that their activity can be logged of traced. The general thought is that once an intruder breaks into a system, they will come back for subsequent visits. During these subsequent visits, additional information can be gathered and additional attempts at file, security and system access on the Honey can be monitored and saved. Generally, there are two popular reasons or goals behind setting up a Honey Pot:

I) Learn how intruders probe and attempt to gain access to your systems. The general idea is that since a record of the intruder�s activities is kept, you can gain insight into attack methodologies to better protect your real production systems.

II) Gather forensic information required to aid in the apprehension or prosecution of intruders... This is the sort of information often needed to provide law enforcement officials with the details needed to prosecute. ...

The common line of thought in setting up Honey Pot systems is that it is acceptable to use lies or deception when dealing with intruders. What this means to you when setting up a Honey Pot is that certain goals have to be considered.

Those goals are:

I) The Honey Pot system should appear as generic as possible. If you are deploying a Microsoft NT based system, it should appear to the potential intruder that the system has not been modified or they may disconnect before much information is collected.

II) You need to be careful in what traffic you allow the intruder to send back out to the Internet for you don�t want to become a launch point for attacks against other entities on the Internet. (One of the reasons for installing a Honey Pot inside of the firewall!)

III) You will want to make your Honey Pot an interesting site by placing "Dummy" information or make it appear as though the intruder has found an "Intranet" server, etc. Expect to spend some time making your Honey Pot appear legitimate so that intruders will spend enough time investigating and perusing the system so that you are able to gather as much forensic information as possible...

Manu :)

[kenshin_efx]

thankz dude, all information abotu this is intresting, i wan to make my honey pot for understan a bit mopre about this...

thankz alot for share :)

more information about honeynets...

http://www.tracking-.../honeypots.html

Grtz.

[ZoraX]

Very intresting manu..

kenshin_efx: great link, alot of intresting reading.

If i ever get a chanse ill set up a Honey pot and study how an hacker behave, this can be intresting and fun :)

[manu]

kenshin_efx, on Jul 21 2004, 06:26 PM, said:

thankz dude, all information abotu this is intresting, i wan to make my honey pot for understan a bit mopre about this...

thankz alot for share :)

more information about honeynets...

http://www.tracking-.../honeypots.html

Grtz.

Really nice my friend. Ppl got a nice place to read further about Honeypots. Very nice post M8.

Manu ;)

[JohnDoe69]

Users may also find honeyd interesting (www.honeyd.org), which allows the creation of thousands of virtual machines on a lan, rather nice...

[Spookie]

Heres some additional information you may find interesting, regarding Wireless Honeypots

There are several commercial tools out like Spector, KFSensor, ManTrap as well as opensource like what you can fiind on Knoppix-STD. I believe PHLAK also some as well.

The HoneyNet Project has some tools available as well. You can review them here

I find Honeypots to be pretty interesting. Like Manu Said

Quote

The Honey Pot system should appear as generic as possible. If you are deploying a Microsoft NT based system, it should appear to the potential intruder that the system has not been modified or they may disconnect before much information is collected.

If your running a WinBox and you have this thing running with a multitude of ports that simulate an infection then your really not using it to its potential. Say for example you want to see what is going to be captured and you audit the box itself, you may notice everything from The Beast to Sub-7 as well as other infections, and open ports.

Try to determine what the purpose of the box is going to be, then what role it will play, and set up the box accordingly.


Heres an interesting read for you as well.
The Superbowl Hack from the Florida HoneyNet Project

[manu]

Very nice spookie.. You made it this topic much more helpful.. Excellent contribution. Thank you M8.

Manu ;)

[Spookie]

Thank you for the compliment Manu. I enjoy this forum and try to stop in every chance I get. I think its the level of participation and input that makes for a great thread and read.

Honeypots have been an interest to me, you may find this link interesting as well concerning Honeypots

This link covers a variety of areas concerning honeypots as well HoneyPots and HoneyNets
with some input on proxy honeypots.