Difference between revisions of "Honeyd"

From ArchWiki
Line 2: Line 2:
 
Honeyd is an open source computer program that allows a user to set up and run multiple virtual hosts on a computer network. These virtual hosts can be configured to mimic several different types of servers, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security by professionals and hobbyists alike.
 
Honeyd is an open source computer program that allows a user to set up and run multiple virtual hosts on a computer network. These virtual hosts can be configured to mimic several different types of servers, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security by professionals and hobbyists alike.
  
This page goes over how to get a simple setup up and running.
+
This page goes over how to get a simple setup up and running. My server uses IP address 192.168.1.10. My honeyd daemon will listen at 10.0.0.1.
  
 
=Installation=
 
=Installation=
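Review bot: The sentences added to the intro ("My server uses IP address 192.168.1.10. My honeyd daemon will listen at 10.0.0.1.") are written in the first person and do not say that these are example values. On a shared wiki page, wording such as "In this example the server is 192.168.1.10 and honeyd answers for 10.0.0.1" would make it clear that readers substitute their own addresses.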
Line 35: Line 35:
 
On your firewall, add the following route:
 
On your firewall, add the following route:
 
  Destination IP Netmask Gateway
 
  Destination IP Netmask Gateway
  10.0.0.0         255.0.0.0 <hostIPhere>
+
  10.0.0.0         255.0.0.0 192.168.1.10
  
 
Open up 2 shells on your server. In the first shell, start the honeyd program. In the second shell, use nc to connect to honeyd. The output should be as follows:
 
Open up 2 shells on your server. In the first shell, start the honeyd program. In the second shell, use nc to connect to honeyd. The output should be as follows:
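Review bot: The route row now pairs destination 10.0.0.0 and netmask 255.0.0.0 with a concrete gateway instead of <hostIPhere>, so a reader who copies it verbatim sends the whole 10.0.0.0/8 range to 192.168.1.10. Only 10.0.0.1 is used in the example, so the text should say that the gateway is the example server's address and that the range should be checked against any 10.x networks already in use before the route is added.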
Line 44: Line 44:
 
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
 
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
 
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
 
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[3985]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (net 10.0.0.0/8))) and not ether src 00:0d:56:37:52:ef
+
honeyd[3985]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (net 10.0.0.0/8))) and not ether src MAC_ADDY_HERE
 
honeyd[3985]: Demoting process privileges to uid 99, gid 99
 
honeyd[3985]: Demoting process privileges to uid 99, gid 99
 
honeyd[3985]: Connection request: tcp (192.168.1.10:60109 - 10.0.0.1:23)
 
honeyd[3985]: Connection request: tcp (192.168.1.10:60109 - 10.0.0.1:23)
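Review bot: In the "listening promiscuously" line the MAC address is replaced by MAC_ADDY_HERE, which is the opposite convention to the route table change, where a placeholder was replaced by a concrete value. Pick one convention for the page, and add a short note that this field is the honeyd host's own MAC address so readers know what to expect in their own output.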
Line 50: Line 50:
 
honeyd[3985]: Connection dropped by reset: tcp (192.168.1.10:60109 - 10.0.0.1:23)
 
honeyd[3985]: Connection dropped by reset: tcp (192.168.1.10:60109 - 10.0.0.1:23)
 
^Choneyd[3985]: exiting on signal 2}}
 
^Choneyd[3985]: exiting on signal 2}}
 +
 +
{{Command|name=nc 10.0.0.1 23
 +
|output=Led Zeppelin, great band or greatest band?
 +
greatest
 +
greatest
 +
 +
^C}}
 +
  
 
=More Resources=
 
=More Resources=
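Review bot: The new "nc 10.0.0.1 23" block shows "greatest" twice without saying which line is typed by the user and which is sent back by the honeypot service. A one-line note under the block would settle that, and the sentence introducing the two blocks could state that the first is the honeyd shell and the second is the nc shell.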

Revision as of 06:24, 25 June 2009

Introduction

Honeyd is an open source computer program that allows a user to set up and run multiple virtual hosts on a computer network. These virtual hosts can be configured to mimic several different types of servers, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security by professionals and hobbyists alike.

This page goes over how to get a simple setup up and running. My server uses IP address 192.168.1.10. My honeyd daemon will listen at 10.0.0.1.

Installation

Install Honeyd from the AUR. Using yaourt:

[user@host ~]# yaourt -S honeyd

Configuration

Create these files:

Template:File

Template:File

On your firewall, add the following route:

Destination IP   Netmask     Gateway
10.0.0.0         255.0.0.0   192.168.1.10

Open up 2 shells on your server. In the first shell, start the honeyd program. In the second shell, use nc to connect to honeyd. The output should be as follows:

Template:Command

Template:Command
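
As an added example (not part of the wiki page or of honeyd itself), the following script parses the `Connection request` and `Connection dropped by reset` lines that honeyd prints in the sample output and counts which sources probed which honeypot address and port. The function names are hypothetical, and the sample lines are constructed from the format shown in the revision diff above.

```python
import ipaddress
import re
from collections import Counter

# Honeypot range taken from the page's route and capture filter (net 10.0.0.0/8).
HONEYNET = ipaddress.ip_network("10.0.0.0/8")

# e.g. honeyd[3985]: Connection request: tcp (192.168.1.10:60109 - 10.0.0.1:23)
CONN_RE = re.compile(
    r"honeyd\[\d+\]: (?P<event>Connection [^:]+): (?P<proto>\w+) "
    r"\((?P<src>[\d.]+):(?P<sport>\d+) - (?P<dst>[\d.]+):(?P<dport>\d+)\)"
)

def parse_line(line):
    """Return a dict for a honeyd connection line, or None for anything else."""
    m = CONN_RE.search(line)
    if not m:
        return None  # warnings, privilege messages, exit notices, ...
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec

def probes_by_source(lines):
    """Count connection requests per (source, honeypot address, port)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] != "Connection request":
            continue
        if ipaddress.ip_address(rec["dst"]) not in HONEYNET:
            continue  # not aimed at the honeypot range
        hits[(rec["src"], rec["dst"], rec["dport"])] += 1
    return hits

# Constructed sample: the 192.168.1.77 lines are invented for illustration.
SAMPLE = """\
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
honeyd[3985]: Demoting process privileges to uid 99, gid 99
honeyd[3985]: Connection request: tcp (192.168.1.10:60109 - 10.0.0.1:23)
honeyd[3985]: Connection dropped by reset: tcp (192.168.1.10:60109 - 10.0.0.1:23)
honeyd[3985]: Connection request: tcp (192.168.1.77:40112 - 10.0.0.1:23)
honeyd[3985]: Connection request: tcp (192.168.1.77:40113 - 10.0.0.1:23)
^Choneyd[3985]: exiting on signal 2
""".splitlines()

if __name__ == "__main__":
    for (src, dst, port), n in probes_by_source(SAMPLE).most_common():
        print(f"{src} -> {dst}:{port}  requests={n}")
```

Because any traffic to a honeypot address is unsolicited by design, every source in this tally other than your own test host is worth a closer look.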


More Resources

http://www.honeyd.org/faq.php

http://en.wikipedia.org/wiki/Honeyd

http://ulissesaraujo.wordpress.com/2008/12/08/deploying-honeypots-with-honeyd/