Honeypot

Dowfen

Senior member
Jul 16, 2002
Hello all,

I was hoping to find some help here regarding setting up a honeypot. My IS manager has assigned the project and unfortunately there are a few constraints...

I have the garbage PC which I pulled out of storage and now need to decide on a Linux or Windows 2000 based Honeypot. One of the constraints however is that, due to low budget, it costs very little or is free. I found one piece of software called Specter, but the "lite" version is $600. This is out of budget, especially for a honeypot.

If anyone has any experience or suggestions on my situation, I'd appreciate it. I have Red Hat, Windows 2000 server, advanced server, etc. I just need the actual honeypot software.

Obviously if I'm asking this I know very little about Honeypots in general. So, any additional help would also be greatly appreciated.

Thanks,

Eric
 

everman

Lifer
Nov 5, 2002
It's basically an access point which allows anyone to use it (or has permission) correct?
<--- doesn't really know what he's talking about :D
 

Poontos

Platinum Member
Mar 9, 2000
From the hacking thread:

"One thing becoming more and more popular, are "honeypots". But, unfortunately, with the wave of ease in the process of setting up a web server (it's easy to set up a web server for the most part, the key is securing it of course), organizations are setting up the wrong kind of honeypots. They are just setting up unpatched servers and not doing much else with them, thinking that they are preventing the hackers from getting into their real production servers. The reality is, honeypots take almost as much work as setting up a real secure server. VMWare has become popular in the honeypot environment. Think about it, everything is virtual, it's brilliant, nothing can really be damaged!"

Honeypots Explained
 

Dowfen

Senior member
Jul 16, 2002
I've actually done an extensive google search for it. I've found a lot of information on it.

I posted here looking for people with actual experience with any one product or recommendations.

Eric
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: dowfen
I've actually done an extensive google search for it. I've found a lot of information on it.

I posted here looking for people with actual experience with any one product or recommendations.

Eric

My recommendation is to not do this unless you have a good plan.

Watch the traffic at *ALL* times when the honeypot is online. Use snort, tcpdump, ethereal, and whatever other tools you can. Use some of the patches out there for like BASH and whatnot to try and get good logs of what the hackers are doing. And pull the plug before they get the chance to attack someone else.
 

ktwebb

Platinum Member
Nov 20, 1999
An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored. Most honeypots are installed inside firewalls so that they can better be controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way that a normal firewall works: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out.
By luring a hacker into a system, a honeypot serves several purposes:
  • The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
  • The hacker can be caught and stopped while trying to obtain root access to the system.
  • By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

Source: Webopedia
 

Garion

Platinum Member
Apr 23, 2001
I'd second the notion to do it only if you really need to. By finding an open system on your network, you're going to draw more hackers to look for other stuff, too. Are you absolutely sure that the rest of your security procedures are tight enough to handle the scrutiny? What do you plan to do if you *do* catch a hacker? If you're just going to ignore it, what's the point? Otherwise, does your company have the resources to create enough of an audit trail to give to the authorities to be proof enough of a hacking attempt? Can you afford the time it would take to do that investigation, or would it just be another "Hey, look - Someone else got in, and this guy is from China, not Poland like the last one!" trap?

Just remember.. You're going to catch some flies if you put it out there. What, then?

- G
 

Soybomb

Diamond Member
Jun 30, 2000
Originally posted by: Garion
I'd second the notion to do it only if you really need to. By finding an open system on your network, you're going to draw more hackers to look for other stuff, too. Are you absolutely sure that the rest of your security procedures are tight enough to handle the scrutiny? What do you plan to do if you *do* catch a hacker? If you're just going to ignore it, what's the point? Otherwise, does your company have the resources to create enough of an audit trail to give to the authorities to be proof enough of a hacking attempt? Can you afford the time it would take to do that investigation, or would it just be another "Hey, look - Someone else got in, and this guy is from China, not Poland like the last one!" trap?

Just remember.. You're going to catch some flies if you put it out there. What, then?

- G
And I would like to third the notion. What is your company going to gain from this? From your questions I have to wonder about the need and preparation for the work/precautions to do it properly.......

 

n0cmonkey

Elite Member
Jun 10, 2001
I just wanted to say (yes, this is weird coming from me ;)) that we are not trying to be harsh on you or your question. We just want you to know and understand the consequences of setting up a honeypot. It affects more than you and your company and your boss needs to understand this too. Anyhow, keep us posted with how things are going with the honeypot. It's an interesting subject :p
 

Fuzznuts

Senior member
Nov 7, 2002
A honeypot is a bit of an odd thing to get; some say that your internal network should be so separate and secure from the public one that the need for it is negated by this fact. You will only be giving the hackers somewhere to play, and as has been mentioned many times in this thread, unless you're actually trying to catch a suspected hack attempt it seems kinda pointless.

Unless for a learning exercise I wouldn't bother. If you wish to keep track of what ports are trying to be opened, just keep an eye on your firewall logs. You do have a firewall, don't you? :)
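
An added example, not part of any post in this thread: one way to act on the advice above about watching firewall logs and restricting what the honeypot sends back out. It tallies inbound probes by port and flags any connection the decoy itself initiates; the log lines are constructed in the netfilter LOG key=value style, and the addresses, `HONEYPOT_IP` and `review` are assumptions.

```python
import re
from collections import Counter

HONEYPOT_IP = "192.0.2.10"  # assumption: documentation-range address of the decoy

# Constructed sample in the netfilter LOG key=value style, fields trimmed.
SAMPLE_LOG = """\
Jan  5 10:00:01 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22 SYN
Jan  5 10:00:01 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=22 DPT=40112 ACK SYN
Jan  5 10:00:04 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22 SYN
Jan  5 10:02:10 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1025 DPT=80 SYN
Jan  5 10:02:11 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=1026 DPT=137
Jan  5 10:09:30 gw sshd[311]: unrelated daemon message
Jan  5 10:15:42 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.99 PROTO=TCP SPT=3001 DPT=6667 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return (fields, is_new) for a packet record, or None for other lines."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    flags = line.split()
    # A TCP reply (SYN+ACK) is not a new connection; only a bare SYN is.
    is_new = fields["PROTO"] != "TCP" or ("SYN" in flags and "ACK" not in flags)
    return fields, is_new


def review(log_text, honeypot_ip=HONEYPOT_IP, outbound_limit=0):
    """Tally probes against the honeypot and connections it initiates itself."""
    inbound, sources, outbound = Counter(), set(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or not parsed[1]:
            continue
        f = parsed[0]
        if f["DST"] == honeypot_ip:
            inbound[(f["PROTO"], f.get("DPT", "-"))] += 1
            sources.add(f["SRC"])
        elif f["SRC"] == honeypot_ip:
            outbound.append((f["DST"], f["PROTO"], f.get("DPT", "-")))
    # Any outbound attempt above the limit means the decoy is being used as a
    # launch point and should be taken offline.
    return {"inbound": inbound, "sources": sorted(sources),
            "outbound": outbound, "isolate": len(outbound) > outbound_limit}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```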
 

Dowfen

Senior member
Jul 16, 2002
Hi all,

I appreciate all your help! You've presented some very good things that I will bring up with my boss. Some of you pointed out that we may want to decide if we really want to do this and/or have the funds to do it. This is entirely true. Obviously, my boss would not want to do this if it would bring more harm than good.

Thanks again,

Eric
 

DnetMHZ

Diamond Member
Apr 10, 2001
I would suggest only setting up a honeypot if you suspect that someone is actively attacking your network; the purpose would be to gather evidence to possibly determine the source.