Difference between revisions of "Honeyd"

From ArchWiki
Jump to: navigation, search
m
(Installation: -)
Line 6: Line 6:
  
 
=Installation=
 
=Installation=
Install Honeyd from the AUR. Using yaourt:
+
Install Honeyd [https://aur.archlinux.org/packages.php?ID=3477 from the AUR].
 
+
[user@host ~]# yaourt -S honeyd
+
  
 
=Configuration=
 
=Configuration=

Revision as of 12:25, 26 August 2011

Introduction

Honeyd is an open source computer program that allows a user to set up and run multiple virtual hosts on a computer network. These virtual hosts can be configured to mimic several different types of servers, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security by professionals and hobbyists alike.

This page goes over how to get a simple setup up and running. My server uses IP address 192.168.1.10. My honeyd daemon will listen at 10.0.0.1.

Installation

Install Honeyd from the AUR.

Configuration

Create these files:

Template:File

Template:File

On your firewall, add the following route:

Destination IP 	Netmask 	Gateway
10.0.0.0	        255.0.0.0	192.168.1.10

Open up 2 shells on your server. In the first shell, start the honeyd program. In the second shell, use nc to connect to honeyd. The output should be as follows:

Template:Command

Template:Command

There, you have a simple, basic, set up of honeyd. To kill honeyd, issue the command

killall honeyd

I would recommend the book "Virtual Honeypots: From Botnet Tracking to Intrusion Detection" by Niels Provos to anybody who would like to really get to know honeyd.

More Resources

http://www.honeyd.org/faq.php

http://en.wikipedia.org/wiki/Honeyd

http://ulissesaraujo.wordpress.com/2008/12/08/deploying-honeypots-with-honeyd/