setting up a honeypot
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
ok i know it's the weekend and who knows which party i'm going to end up at and forget all about what i plan on doing, which is to set up a honeypot and write a tutorial for anyone who is interested along the way. why have i started the post now? so i have to do as i promised myself and keep note of what i am doing and not just get on with it... do the task ahead and think oh i forgot the tutorial, then write it and miss valuable points out, or even worse... not bother at all.
so first of all i'm going to do this in windows to get a feel of it (ok i lie... it's because it has to be easier to set up) then i will do the tutorial in linux.
so i am going to keep bumping this thread and feel free to add anything that may help along the way
cheers guys
- computathug
well as i said i like the weekends but the problem is mine doesn't finish till after monday. So i started today what should have been an hour of a job to build my new pc so that i can replace it and then use an older one for the honeypot, but as usual nothing goes straightforward and i have a new hdd that won't load into primary master, and the shop is closed and they will replace it tomorrow. the pc i am on now is the one i plan to use and can't start until the other is ready and have transferred everything i need first. Most is backed up already. i also work 12-14 hrs a day so will be doing this in between so please bear with me. anyway if all goes well i will be on with this first thing tomorrow.
Necrix wrote: progress?
*bump*
ok i finished what work i had for 1 day and it's now 4.24 am and am very tired but have done an hour's research on honeypots and i think i might just miss the windows out and go for the linux due to the info i have read
Code:
http://www.p2pnet.net/story/3381
cheers
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
imo it's the best and easiest way to use a very stable Linux box as host, "stable" means an OS that is known as very secure to minimize the danger of the host system getting compromised (Debian or Slackware would be my recommendations). and then run as many virtual systems as you want on it as honeypots...and this is what honeyd does.
- computathug
k i am finally giving up for a few days on some jobs i need to get done as i need a break and have a few things to catch up on and my own repairs to make but i have started so here's a run down on the honeypot and installation so if anyone can help with any configs etc it would be greatly appreciated.
k i was going to do this on windows first and i will do if anyone is interested but having done some research i wouldn't bother so i am going straight for linux. my distro is debian etch for any other users wishing to adapt to their own distro
Code:
su
enter as root and enter password
Code:
apt-get install honeyd
some systems may need to download missing packages but debian forced the packages so no worries on that point
Code:
locate honeyd
will find honeyd
Code:
honeyd
to start the program
then it will ask if you want to make space etc type *y
k so now it's running on eth0 etc
close shell and now if i type honeyd
Code:
honeyd: ip_open: operation not permitted
so now where can i check the logs and how it's running?
thanks in advance
- computathug
i am also running guarddog firewall so will i need to make any configurations in this?
thanks again in advance
*note to self*
the more i use linux the more i like it.
i must use linux more i must use linux more i must use linux more i must use linux more i must use linux more i must use linux more i must use linux more
I installed it as well now, seems like the logs will be placed in var/log/honeyd but i can't find where to configure it :/ there are sample scripts on their site though
http://www.honeyd.org/configuration.php
tell me if you find how to configure it ^^
"The best place to hide a tree, is in a forest"
- computathug
using debian etch i tried
./configure
make
make install
but seemed none were needed
just open shell and locate honeyd
then type
honeyd
or maybe i am missing something
*cheers for the log page details
*edit * sorry just read the post properly
Last edited by computathug on 13 Aug 2007, 11:18, edited 2 times in total.
- computathug
Code:
http://pcquest.ciol.com/content/linux/2004/104050806.asp
k i have opened shell and
Code:
locate honeyd
Code:
arpd 192.168.1.111
Code:
ioctl (SIOCGIFINDEX): NO SUCH DEVICE
Last edited by computathug on 13 Aug 2007, 12:18, edited 1 time in total.
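Added example, not part of any post in this thread: a preflight wrapper for the two errors quoted above, which typically mean honeyd was started without root (it opens a raw IP socket) and that arpd was pointed at a network interface that does not exist. The function names, the SYSNET variable, the return codes and the sample paths are assumptions of this sketch; `-i`, `-f` and `-l` are the tools' own flags.

```shell
#!/bin/sh
# Preflight checks before starting arpd + honeyd (added example).
# SYSNET is an assumed override hook; on Linux interfaces appear here.
SYSNET="${SYSNET:-/sys/class/net}"

# honeyd_preflight UID IFACE
#   0 = ok
#   1 = not root   -> "honeyd: ip_open: operation not permitted"
#   2 = bad iface  -> "ioctl (SIOCGIFINDEX): no such device"
honeyd_preflight() {
    uid="$1"; iface="$2"
    if [ "$uid" -ne 0 ]; then
        echo "run as root: honeyd and arpd need raw network access" >&2
        return 1
    fi
    if [ ! -e "$SYSNET/$iface" ]; then
        avail="$(ls "$SYSNET" 2>/dev/null | tr '\n' ' ')"
        echo "interface '$iface' not found; available: $avail" >&2
        return 2
    fi
    return 0
}

# start_honeypot IFACE IP CONFIG LOGFILE
# Runs the checks, then answers ARP for the honeypot IP and starts honeyd
# with an explicit config file and log file.
start_honeypot() {
    iface="$1"; ip="$2"; conf="$3"; log="$4"
    honeyd_preflight "$(id -u)" "$iface" || return $?
    if [ ! -r "$conf" ]; then
        echo "config file '$conf' is not readable" >&2
        return 3
    fi
    arpd -i "$iface" "$ip" || return 4
    honeyd -i "$iface" -f "$conf" -l "$log" "$ip"
}

# Example call (paths are placeholders):
#   start_honeypot eth0 192.168.1.111 /etc/honeyd.conf /var/log/honeyd/honeyd.log
if [ "$#" -eq 4 ]; then
    start_honeypot "$@"
fi
```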
- bad_brain
thuuuuggyyyy....it's Debian, no need to mess around with source files when official packages are available...
http://www.us.debian.org/distrib/packag ... h_packages
enter honeyd and voila.....so all you need to do to install is:
Code:
apt-get install honeyd