setting up a honeypot

Post by computathug »

ok I know it's the weekend and who knows which party I'm going to end up at and forget all about what I plan on doing, which is to set up a honeypot and write a tutorial for anyone who is interested along the way. why I have started the post now is so I have to do as I promised myself and keep note of what I am doing and not just get on with it ....do the task ahead and think oh I forgot the tutorial, then write it and miss valuable points out, or even worse ...not bother at all.

so first of all I'm going to do this in Windows to get a feel of it (ok I lie...it's because it has to be easier to set up :oops:) then I will do the tutorial in Linux.

so I am going to keep bumping this thread and feel free to add anything that may help along the way

cheers guys :wink:

Post by bad_brain »

for Linux take a look here:
http://www.honeyd.org/

:)

Post by Necrix »

progress?

Post by rambo »

I'd love that computathug!.. =]

Post by computathug »

Necrix wrote: progress?

well as I said I like the weekends but the problem is mine doesn't finish till after Monday. So I started today what should have been an hour of a job to build my new pc so that I can replace it and then use an older one for the honeypot, but as usual nothing goes straightforward and I have a new hdd that won't load into primary master, and the shop is closed and they will replace it tomorrow. the pc I am on now is the one I plan to use and can't start until the other is ready and have transferred everything I need first. Most is backed up already. I also work 12-14 hrs a day so will be doing this in between so please bear with me. anyway if all goes well I will be on with this first thing tomorrow. :wink:

*bump*
ok I finished what work I had for 1 day and it's now 4.24 am and am very tired but have done an hour's research on honeypots and I think I might just miss the windows out and go for the linux due to the info I have read

Code:

http://www.p2pnet.net/story/3381

and after reading b_b's post don't think it looks too hard so when I finish work tomorrow I'll be starting my project and will start posting with screenshots although I might have a few questions before I start.

cheers :wink:

Post by Lyecdevf »

I would need one so that I could put malware on it and see what hackers try to do on the box. I would also need one to emulate a linux box so that it would lure hackers to it thinking that it is mine.
We will either find a way, or make one.
- Hannibal

Post by bad_brain »

imo it's the best and easiest way to use a very stable Linux box as host, "stable" means an OS that is known as very secure to minimize the danger of the host system getting compromised (Debian or Slackware would be my recommendations). and then run as many virtual systems as you want on it as honeypots...and this is what honeyd does.

:wink:

Post by computathug »

k I am finally giving up for a few days on some jobs I need to get done as I need a break and have a few things to catch up on and my own repairs to make but I have started so here's a run down on the honeypot and installation so if anyone can help with any configs etc it would be greatly appreciated.

k I was going to do this on windows first and I will do if anyone is interested but having done some research I wouldn't bother so I am going straight for linux. my distro is Debian etch for any other users wishing to adapt to their own distro

Code:

su

enter as root and enter password

Code:

apt-get install honeyd

some systems may need to download missing packages but Debian forced the packages so no worries on that point

Code:

locate honeyd

will find honeyd

Code:

honeyd

to start the program

then it will ask if you want to make space etc type *y

k so now it's running on eth0 etc

close shell and now if I type honeyd

Code:

honeyd: ip_open: operation not permitted

so now where can I check the logs and how it's running ?

thanks in advance

Post by ayu »

I am so going to do this when I (in some magical way) install Linux on the other comp :D
"The best place to hide a tree, is in a forest"

Post by computathug »

I am also running guarddog firewall so will I need to make any configurations in this?

thanks again in advance :wink:

*note to self*

the more I use linux the more I like it.
I must use linux more I must use linux more I must use linux more I must use linux more I must use linux more I must use linux more I must use linux more

Post by ayu »

I installed it as well now, seems like the logs will be placed in var/log/honeyd but I can't find where to configure it :/ there are sample scripts on their site though

http://www.honeyd.org/configuration.php



tell me if you find how to configure it ^^

Post by computathug »

using Debian etch I tried
/configure
make
make install
but seemed none were needed
just open shell and locate honeyd
then type
honeyd
or maybe I am missing something :roll:

*cheers for the log page details
:wink:

*edit * sorry just read the post properly
Last edited by computathug on 13 Aug 2007, 11:18, edited 2 times in total.

Post by ayu »

Yeah I have it running but I can't figure out how to configure it ^^

Post by computathug »

Code:

http://pcquest.ciol.com/content/linux/2004/104050806.asp

take a look there

k I have opened shell and

Code:

locate honeyd

I gather now I have to make the fake ips or do I use my real ip first using

Code:

arpd 192.168.1.111

would be a fake ip but I get error code

Code:

ioctl (SIOCGIFINDEX): NO SUCH DEVICE
Last edited by computathug on 13 Aug 2007, 12:18, edited 1 time in total.
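
An added example, not part of any post in this thread: a preflight script covering the two errors quoted above ("ip_open: operation not permitted" and "ioctl (SIOCGIFINDEX): NO SUCH DEVICE") that also writes a minimal honeyd configuration, the step the thread had not yet worked out. The template name lab, the file name honeyd.conf, the interface eth0 in the usage line and the port choices are assumptions; 192.168.1.111 is the address from the post above.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks and a minimal honeyd
# config. Assumed names: template "lab", file honeyd.conf, ports 22 and 80.
CONF="${CONF:-honeyd.conf}"

# honeyd opens a raw IP socket (ip_open), which needs root; from a non-root
# shell it fails with "ip_open: operation not permitted".
check_root() {            # $1 = uid to test (default: current user)
    [ "${1:-$(id -u)}" -eq 0 ]
}

# SIOCGIFINDEX returns "No such device" when the interface name does not exist.
check_iface() {           # $1 = interface, $2 = sysfs dir (default: Linux sysfs)
    [ -d "${2:-/sys/class/net}/$1" ]
}

# One template that answers on two TCP ports and resets everything else,
# bound to an unused address on the local subnet.
write_config() {          # $1 = honeypot IP, $2 = output file
    cat > "$2" <<EOF
create lab
set lab default tcp action reset
set lab default udp action reset
set lab default icmp action open
add lab tcp port 22 open
add lab tcp port 80 open
bind $1 lab
EOF
}

# Returns 1 if not root, 2 if the interface is missing, 0 after writing $CONF.
preflight() {             # $1 = interface, $2 = IP, [$3 = uid], [$4 = sysfs dir]
    check_root "$3" || { echo "not root: raw sockets need root"; return 1; }
    check_iface "$1" "$4" || { echo "no such interface: $1"; return 2; }
    write_config "$2" "$CONF"
    echo "wrote $CONF; next, as root:"
    echo "  arpd -i $1 $2"
    echo "  honeyd -d -i $1 -f $CONF $2"
}

# Usage: sh preflight.sh eth0 192.168.1.111
[ $# -eq 0 ] || preflight "$@"
```

With `-d` honeyd stays in the foreground and prints its log messages to the terminal, which is the quickest way to see whether the bound address is answering.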

Post by bad_brain »

thuuuuggyyyy....it's Debian, no need to mess around with source files when official packages are available... :lol:
http://www.us.debian.org/distrib/packag ... h_packages
enter honeyd and voila.....so all you need to do to install is:

Code:

apt-get install honeyd

:wink: