Honeypots and Honeynets (71)
See Also:
Regular Links:
 An Evening with Berferd  A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992. http://all.net/books/berferd/berferd.html
Anton Chuvakin Honeynet Reseach and Live Stats Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources. http://www.chuvakin.com/honeynet/
Back Officer Friendly Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2. http://www.nfr.com/resource/backOfficer.php
Basted A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites. http://basted.sourceforge.net/
Bubblegum proxypot An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer. http://world.std.com/~pacman/proxypot.html
Building a GenII Honeynet Gateway This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips. http://www.honeynet.org.es/papers/honeywall/
Deception ToolKit (DTK) A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. http://all.net/dtk/index.html
Deploying and Using Sinkholes Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot. http://www.arbornetworks.com/dmdocuments/Sinkhole_Tutorial_June03.pdf
French Honeynet Project The French Honeynet Project is a non-profit, all volunteer group dedicated to honeynet research. http://honeynet.rstack.org/
GHH - The "Google Hack" Honeypot GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine. http://ghh.sourceforge.net/
HoneyC Low-Interaction Client Honeypot A platform independent low interaction client honeypot that allows identify rogue servers on the web. http://honeyc.sourceforge.net
HoneyNet Project A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned. http://project.honeynet.org/
Honeybee A tool for semi-automatically creating emulators of network server applications. http://www.thomas-apel.de/honeybee/
Honeyclient Development Project Honeyclient news, downloads, and information. http://www.honeyclient.org/trac
Honeycomb A system for automated generation of signatures for network intrusion detection systems (NIDSs). http://www.cl.cam.ac.uk/~cpk25/honeycomb/index.html
Honeyd Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris. http://www.citi.umich.edu/u/provos/honeyd/
Honeyd Control Center Honeyd configuration wizard, a SQL Interface, and reports. http://zope.org/Members/Ioan/HoneydCenter
Honeynet Security Console (HSC) HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs. http://www.activeworx.org/
Honeynet.BR Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot. http://www.honeynet.org.br/
Honeynet.org: Tracking Botnets Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them. http://www.honeynet.org/papers/bots/
Honeypot + Honeypot = Honeynet Article discussing the creation of the Honeynet Project. http://www.eweek.com/article2/0,4149,1244323,00.asp
Honeypots Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues. http://www.honeypots.net/
Honeypots: Monitoring and Forensics Project Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics. http://honeypots.sourceforge.net/
Honeypots: Tracking Hackers White papers, mailing list and other resources related to honeypots. http://www.tracking-hackers.com/
Honeypotting with VMware An article about how to use VMware to produce honeypots to catch system intruders. http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html
Honeypotting: The Complete Documentation Index of over 75 papers on Honeypots. http://l0t3k.org/security/docs/honeypotting/en/
Impost Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the com http://impost.sourceforge.net/
Installing a Virtual Honeywall using VMware This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments. http://www.honeynet.org.es/papers/vhwall/
KeyFocus - KF Sensor - Honey pot IDS A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans. http://www.keyfocus.net/kfsensor/
Know Your Enemy: GenII Honeynets An Introduction to second generation honeynets (honeywalls). http://www.honeynet.org/papers/gen2/
Know Your Enemy: Learning more about phishing A detailed analysis of phishing through compromised web servers. http://www.honeynet.org/papers/phishing/details/index.html
Know your Enemy: Phishing This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. http://www.honeynet.org/papers/phishing/
LaBrea Tarpit A program that creates a tarpit or, as some have called it, a "sticky honeypot". http://labrea.sourceforge.net/
Medium Interaction Honeypots Document outlines the weaknesses of different existing approaches to catch malware – especially bots – and shows how Medium Interaction Honeypots solves these problems. http://www.pixel-house.net/midinthp.pdf
Nepenthes A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms. http://nepenthes.mwcollect.org/
New Zealand Honeynet project Papers and information on honeypots, especially application layer, e.g. PHP applications, from the New Zealand branch of the Honeynet project (http://www.honeynet.org/). http://www.nz-honeynet.org
Open Proxy Honeypot Web Application Security Consortium Distributed Open Proxy Honeypot Project. http://www.webappsec.org/projects/honeypots/
Philippine Honeynet Project, Philippines Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS. http://www.philippinehoneynet.org
Project Honey Pot: Distributed Spam Harvester Tracking Network A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites. http://www.projecthoneypot.org/
SCADA HoneyNet Project SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures). http://scadahoneynet.sourceforge.net/
SecurityDocs - Honeypots Directory of articles, white papers, and documents on honeypots and other security topics. http://www.securitydocs.com/Intrusion_Detection/Honeypots
SecurityFocus: Problems and Challenges with Honeypots Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker. http://www.securityfocus.com/infocus/1757
SecurityFocus: Defeating Honeypots - Network issues, Part 1 Article discussing methods hackers use to detect honeypots. http://www.securityfocus.com/infocus/1803
SecurityFocus: Defeating Honeypots: System Issues, Part 1 This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer. http://www.securityfocus.com/infocus/1826
SecurityFocus: Dynamic Honeypots Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network. http://www.securityfocus.com/infocus/1731
SecurityFocus: Fighting Internet Worms With Honeypots This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks. http://www.securityfocus.com/infocus/1740
SecurityFocus: Honeypot Farms This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms. http://www.securityfocus.com/infocus/1720
SecurityFocus: Honeytokens -The Other Honeypot This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network. http://www.securityfocus.com/infocus/1713
SecurityFocus: Microsoft looks to "monkeys" to find Web threats Article discussing how Microsoft have developed a series of Windows XP clients, dubbed "honeymonkeys", that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users. http://www.securityfocus.com/news/11173
SecurityFocus: Wireless Honeypots Article discussing the use of honeypot technology to combat attacks on wireless networks. http://www.securityfocus.com/infocus/1761
Securityfocus: Fighting Spammers With Honeypots This paper evaluates the usefulness of using honeypots to fight spammers. http://www.securityfocus.com/infocus/1747
Sombria Honeypot System A honeypot system and "Honeypot Exchange Program." http://www.lac.co.jp/business/sns/intelligence/sombria_e.html
SourceForge.net: Project - HoneyView A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data. http://sourceforge.net/projects/honeyview
Spampoison Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots. http://www.spampoison.com/
Spanish Honeynet Project Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies. http://www.honeynet.org.es
SécurIT LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper) http://securit.iquebec.com/
Talisker Security Wizardry: Honeypots Describes different commercial and freeware honeypots. http://www.securitywizardry.com/honeypots.htm
The Bait and Switch Honeypot System A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data. http://baitnswitch.sourceforge.net/
The Portuguese Honeynet Project Information on their honeypot farm using HoneyMole. http://www.honeynet-pt.org
The Strider HoneyMonkey Project Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots. http://research.microsoft.com/HoneyMonkey/
The Team Cymru Darknet Project A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics. http://www.cymru.com/Darknet/
UK Honeynet Project Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, tool to analyse Honeywall pcap files and extract summary information. http://www.ukhoneynet.org/
WebMaven (Buggy Bank) WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot. http://www.mavensecurity.com/webmaven
fakeAP Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables. http://www.blackalchemy.to/project/fakeap/
mwcollect A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware. http://www.mwcollect.org
spank A collection of programs to deploy, run and analyse network and host simulations in IP networks. http://spank.sourceforge.net/
thp - Tiny Honeypot A simple honey pot program based on iptables redirects and an xinetd listener. http://www.alpinista.org/thp/ |
|
Last Updated: 2007-10-23 23:06:01