What is HoneyPot??
In layman terms we can say it is a trap set by the administrators for the hackers, to fool them or to make them believe that they are hacking into admins system, but instead of that hackers are getting hacked by the admin.
How does this work??
This works by presenting the hackers a foul scenario where , hacker thinks that he is penetrating into the system but instead, he is going no where except he is playing in the world created by the admins. By doing so, admins are able to check all the malicious activity of the hackers like what all ports hackers are trying to
connect, what files they are trying to upload, which all sections they are trying to access.
HonyPot is mainly designed to trap the hackers, or present a virtual system to the hackers which never exists.
Technically, Honeypot tries to listen to all the ports on the system, and whenever hacker tries to port scan the system, it gets a list of open ports which he thinks is open but actually, it is the opened port which is shown by the honeypot behind the firewall, so when ever hacker tries to access some random port say 100, then he is accessing the honeypot not the system,
Above scenario can be visualised better: Install a VM ware on a system and run any low version of windows or linux on it with all ports open, and port forward those ports on the host system, so when ever hacker tries to fingerprint or try to do port scan, then he will be gettng info about the VM ware not the host system, hacker may be able to penetrate into the VM ware OS, but our HOST OS remains safe.
But there are mainly deficulty in doing the above job , so special application is created called HONEYPOT to do this job and many other jobs like tracking of packets, file access etc.
There are mainly 3 types of honeypots available:
1.Small: Mainly keeps the log of ip-address which are trying to access your system alongwith the port
2.Medium: Its functionality is little advanced, keeping track of files accessed, time-period, hosts etc.
3.Large: It provides all the functionality, but the main feature of these kind of Honeypots are security feature, these can simulate virtual os for the outsiders or hackers very well.
In this article I am going to give the example of HoneyPot of small scale for Windows.
HoneyPots are available both on commercial platform and also as open source, I am taking the example of KFsensor which is freely available here.
STEP 1: Download the KFSENSOR and winpcap.
STEP 2: Restart your system, start winpcap server from the folder menu where it is saved mainly in c:\ drive
STEP 3: Start KFsensor, do as promted in the window , it is mainly for the configuring of your new HONEYPOT.
STEP4: Done, keep your system up for the packets scanning.
 |
| KFSensor screenshot |
*****************
for more information about this program and how it work please check this video
If you want to learn about the latest types of honeypots, how they work, and what they can do for you,this is the resource you need :
Virtual HoneyPots :From Botnet Trackning To Instrusion Detection
*****************
*****************
