
Wednesday, 17 December 2014

Easy way to set up honeyd Research Lab on your Virtualbox

What is honeyd:

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems. Honeyd is open source software released under GNU General Public License.

 

How to set up honeyd:

I have installed Kali Linux and BackTrack 5 on my Windows 8 VirtualBox. I am going to set up honeyd in BackTrack 5 and will test it from Kali Linux.

Stage 1:
Install VirtualBox on the Windows operating system.

Stage 2:
Install BackTrack and Kali Linux on VirtualBox in bridged mode.

Stage 3:
Edit the honeyd config file in the BackTrack 5 operating system.
    Configure honeyd
1.    Open a terminal window on BackTrack 5.
2.    Open a configuration file by typing the following command at the terminal prompt:
gedit honeyd.conf
This opens a file named honeyd.conf.
Type the following:

# Personality names must match an entry in honeyd's nmap fingerprint file.
create default
set default personality "Win98"
set default default tcp action block
set default default udp action block
set default default icmp action block

# The default template is created so that, when no behavior is specified for a
# particular IP, honeyd falls back to the default behavior.
# Default behavior of ports is as follows:
#   TCP - open: respond with SYN/ACK, establish connection
#   UDP - closed

# Windows host: closed TCP ports answer with a reset, SMB/RPC ports are open
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
set windows ethernet "00:00:24:ab:8c:12"
bind 192.168.0.44 windows

# Second host, named solaris: SSH and NFS ports are open
create solaris
set solaris personality "Microsoft Windows XP Professional"
set solaris default tcp action reset
add solaris tcp port 22 open
add solaris tcp port 2049 open
set solaris ethernet "00:00:24:ab:8c:13"
bind 192.168.0.45 solaris
 
Save and close the file.

Stage 4:
    Go back to the terminal window.
    Type the command:
    honeyd -d -f honeyd.conf -i eth0
(The interface, eth0 here, is selected depending on whether you use Wi-Fi, Ethernet, etc.)
Stage 5:
Testing the honeyd lab

Go to the Kali Linux terminal and run an nmap scan against the virtual solaris IP that was created using honeyd:
            nmap 192.168.0.45

See the alert message that pops up in BackTrack 5 about the Nmap scan.
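An added example, not part of the original post: a Python check to run over honeyd.conf before starting the daemon in Stage 4. It flags the typing mistakes that most often break a hand-typed config: curly quotes, a template name fused to the next keyword, binds to templates that were never created, and reused IP or MAC addresses. The name lint_honeyd and the sample config are constructed for illustration, and only the directives used in this post are checked.

```python
CURLY = "\u201c\u201d\u2018\u2019"   # typographic quotes pasted from web pages

def lint_honeyd(text):
    """Return a list of (line_no, message) findings for honeyd.conf text."""
    findings, templates, macs, ips = [], set(), {}, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        if any(c in line for c in CURLY):
            findings.append((no, "curly quote, use ASCII double quotes"))
        tok = line.split()
        if tok[0] == "create" and len(tok) == 2:
            templates.add(tok[1])
        elif tok[0] in ("set", "add") and len(tok) > 2:
            name = tok[1]
            if name not in templates:
                # e.g. 'solaristcp': a known template fused to the next keyword
                stem = max((t for t in templates if name.startswith(t)), key=len, default=None)
                findings.append((no, f"'{name}' should be '{stem} {name[len(stem):]}'"
                                 if stem else f"template '{name}' was never created"))
            elif tok[2].startswith("default") and tok[2] != "default":
                findings.append((no, f"'{tok[2]}' should be 'default {tok[2][7:]}'"))
            elif tok[2] == "ethernet" and len(tok) > 3:
                mac = tok[3].strip('"').lower()
                if mac in macs:
                    findings.append((no, f"MAC {mac} already used on line {macs[mac]}"))
                macs.setdefault(mac, no)
        elif tok[0] == "bind" and len(tok) == 3:
            ip, name = tok[1], tok[2]
            if name not in templates:
                findings.append((no, f"bind to unknown template '{name}'"))
            if ip in ips:
                findings.append((no, f"{ip} already bound on line {ips[ip]}"))
            ips.setdefault(ip, no)
    return findings

# Constructed sample: a config with typical typing mistakes and a duplicate bind
SAMPLE = '''create default
set default personality \u201cWin98"
set default defaulttcp action block
create solaris
add solaristcp port 22 open
set solarisethernet "00:00:24:ab:8c:13"
bind 192.168.0.45 solaris
bind 192.168.0.45 windows
'''

if __name__ == "__main__":
    print(*lint_honeyd(SAMPLE), sep="\n")
```

An empty result means none of these mistakes were found; it does not confirm that the personality names exist in the fingerprint file.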

Using honeyd we can create more virtual systems and test them in the same way. A lot of research is being carried out to find better honeypot security in cyber security. Hope you enjoy this tutorial.

About the Author:
Pramod Kumar - G+
Research Mentor - IOT
BINT - Researcher

Friday, 10 May 2013

How You Get Hacked at Starbucks

For those who frequently use the free public Wi-Fi in coffee shops such as Starbucks and Dunkin' Donuts, you're likely already aware of how easy it is for hackers to steal your personal and financial information over the shared network.
But what you may not realize is how cybercriminals could gain access to sensitive data in other ways that might not be on your radar.

According to ThreatMetrix, a provider of cybercrime prevention solutions, some hackers even leave malicious USB drives on tables for curious customers to plug into their devices. This allows them to retrieve personal information and even social network passwords. Although this may seem unlikely, ThreatMetrix says the scenario actually occurs.

Cybercriminals can also use video cameras on a mobile device to capture what you're doing nearby. This means if you are entering your credit card or email login information into a smartphone, you could be recorded doing so. Creepy, right?
More sophisticated techniques include network scanners, which detect open ports on a device connected to the network, and "hotspot honeypots" which intercept a user’s Internet connection and give full access to that network.
Here's a look at what to keep your eyes peeled for when cozying into a coffee shop near you.