HoneyPot: Explained

EDB-ID:

14317

CVE:

N/A


Author:

s1ayer

Type:

papers


Platform:

Multiple

Date:

2010-07-10


Topic: HoneyPot :Explained
Author:s1ayer

Greetz:b0nd bro, Eberly, r45,vaibhav,jappy,Mr.XXXX,Godwin Austin,sai bro, fb1, and all ICW and G4H members

Shoutz: To all Indians out there.

contact:s1ayer.icw@gmail.com

Website:www.garage4hackers.com
        www.andhrahackers.com
        http://www.security-informatica.blogspot.com
=======================================================================================================================
What is HoneyPot??
In layman terms we can say it is a trap set by the administrators for the hackers, to fool them or to make them believe 
that they are hacking into admins system, but instead of that hackers are getting hacked by the admin.

How does this work??
This works by presenting the hackers a foul scenario where , hacker thinks that he is penetrating into the system but 
instead, he is going no where except he is playing in the world created by the admins. By doing so, admins are able to check all 
the malicious activity of the hackers like what all ports hackers are trying to connect, what files they are trying to upload, 
which all sections they are trying to access.

HonyPot is mainly designed to trap the hackers, or present a virtual system to the hackers which never exists.

Technically, Honeypot tries to listen to all the ports on the system, and whenever hacker tries to port scan the system, 
it gets a list of open ports which he thinks is open but actually, it is the opened port which is shown by the honeypot behind 
the firewall, so when ever hacker tries to access some random port say 100, then he is accessing the honeypot not the system.

Above scenario can be visualised better: Install a VM ware on a system and run any low version of windows or linux on it with
 all ports open, and port forward those ports on the host system, so when ever hacker tries to fingerprint or try to do port 
scan, then he will be gettng info about the VM ware not the host system, hacker may be able to penetrate into the VM ware OS,
 but our HOST OS remains safe.

But there are mainly deficulty in doing the above job , so special application is created called HONEYPOT to do this job and
 many other jobs like tracking of packets, file access etc.

There are mainly 3 types of honeypots available:
1.Small: Mainly keeps the log of ip-address which are trying to access your system alongwith the port
2.Medium: Its functionality is little advanced, keeping track of files accessed, time-period, hosts etc.
3.Large: It provides all the functionality, but the main feature of these kind of Honeypots are security feature, these can 
simulate virtual os for the outsiders or hackers very well.

In this article I am going to give the example of HoneyPot of small scale for Windows.
HoneyPots are available both on commercial platform and also as open source, I am taking the example of KFsensor which is
 freely available on their official website.
STEP 1: Download the KFSENSOR and winpcap from their website and install them
STEP 2: Restart your system, start winpcap server from the folder menu where it is saved mainly in c:\ drive
STEP 3: Start KFsensor, do as promted in the window , it is mainly for the configuring of your new HONEYPOT.
STEP4: Done, keep your system up for the packets scanning.


image:http://3.bp.blogspot.com/_bujltUQhRY0/TDZLzqusauI/AAAAAAAAADI/AuA8PkHu3R0/s640/untitled.bmp

Here in above picture u can see some port numbers are striked out, because you need to restart the system, then start your
 honeypot, then internet connection, else these ports will be used by net connection first, then this honeypot willnot be
 able to access these ports, hence no information gathering will be possible.

image:http://3.bp.blogspot.com/_bujltUQhRY0/TDZPfypnPaI/AAAAAAAAADQ/O68f_6mOYKU/s640/untitled.bmp
Within minutes of intallation of this small honeypot i got the scanning alert sound, when checked these were the UDP packets 
mainly left over the internet for scanning of hosts.
============================================================================================================================
Silence is not our weakness, Its just we dont want to waste our time, Its my way of explanation...............

JAI MATA DI