HubHip: Computers: Security: Honeypots and Honeynets (76)

   Honeypots and Honeynets

• Honeyd (Site) - Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris.
• Honeypots (Site) - Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues.
• SecurityDocs - Honeypots (Site) - Directory of articles, white papers, and documents on honeypots and other security topics.
• Honeypots: Monitoring and Forensics Project (Site) - Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics.
• Back Officer Friendly (Site) - Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2.
• An Evening with Berferd (Site) - A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992.
• SourceForge.net: Project - HoneyView (Site) - A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.
• Talisker Security Wizardry: Honeypots (Site) - Describes different commercial and freeware honeypots.
• Deception ToolKit (DTK) (Site) - A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.
• LaBrea Tarpit (Site) - A program that creates a tarpit or, as some have called it, a "sticky honeypot".
• Honeynet Security Console (HSC) (Site) - HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs.
• Honeynet.BR (Site) - Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot.
• Nepenthes (Site) - A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms.
• Chinese Honeynet Project (Site) - The Artemis Project (Chinese Honeynet Project).
• Anton Chuvakin Honeynet Reseach and Live Stats (Site) - Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources.
• Capture (Site) - A high interaction client honeypot. A client honeypot is a security technology that allows one to find malicious servers on a network.
• Honeyclient Development Project (Site) - Honeyclient news, downloads, and information.
• NoAH (Site) - European Network of Affiliated Honeypots.
• Honeypots: Tracking Hackers (Site) - White papers, mailing list and other resources related to honeypots.
• SecurityFocus: Defeating Honeypots: System Issues, Part 1 (Site) - This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
• Netbait (Site) - Netbait Commercial Honeypot.
• mwcollect (Site) - A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware.
• The Bait and Switch Honeypot System (Site) - A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data.
• KeyFocus - KF Sensor - Honey pot IDS (Site) - A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans.
• Deploying and Using Sinkholes (Site) - Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot.
• SCADA HoneyNet Project (Site) - SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).
• HoneyC Low-Interaction Client Honeypot (Site) - A platform independent low interaction client honeypot that allows identify rogue servers on the web.
• fakeAP (Site) - Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
• New Zealand Honeynet project (Site) - Papers and information on honeypots, especially application layer, e.g. PHP applications, from the New Zealand branch of the Honeynet project (http://www.honeynet.org/).
• Honeywall CDROM (Site) - A honeynet gateway on a bootable CDROM.
• HoneyNet Project (Site) - A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned.
• Know Your Enemy: GenII Honeynets (Site) - An Introduction to second generation honeynets (honeywalls).
• thp - Tiny Honeypot (Site) - A simple honey pot program based on iptables redirects and an xinetd listener.
• Basted (Site) - A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites.
• Honeybee (Site) - A tool for semi-automatically creating emulators of network server applications.
• Impost (Site) - Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments (pre-release version available).
• The Strider HoneyMonkey Project (Site) - Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.
• WebMaven (Buggy Bank) (Site) - WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot.
• Philippine Honeynet Project, Philippines (Site) - Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS.
• spank (Site) - A collection of programs to deploy, run and analyse network and host simulations in IP networks.
• SécurIT (Site) - LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper)
• Spanish Honeynet Project (Site) - Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies.
• The Portuguese Honeynet Project (Site) - Information on their honeypot farm using HoneyMole.
• The Team Cymru Darknet Project (Site) - A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics.
• UK Honeynet Project (Site) - Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, tool to analyse Honeywall pcap files and extract summary information.
• Spampoison (Site) - Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots.
• Honeyblog (Site) - A weblog about with IT-security, honeypots, and honeynets.
• Installing a Virtual Honeywall using VMware (Site) - This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments.
• Open Proxy Honeypot (Site) - Web Application Security Consortium Distributed Open Proxy Honeypot Project.
• Building a GenII Honeynet Gateway (Site) - This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips.
• Honeycomb (Site) - A system for automated generation of signatures for network intrusion detection systems (NIDSs).
• Project Honey Pot: Distributed Spam Harvester Tracking Network (Site) - A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites.
• Client honeypot / honeyclient (Site) - Wikipedia article on client honeypots.
• Honeyd Control Center (Site) - Honeyd configuration wizard, a SQL Interface, and reports.
• Honeywall (Site) - The Honeywall CDROM is a bootable CD that installs onto a hard drive and comes with all the tools and functionality for you to implement data capture, control and analysis.
• Sombria Honeypot System (Site) - A honeypot system and "Honeypot Exchange Program."
• HoneyBOT (Site) - A free windows based medium interaction honeypot solution.
• Honeypotting: The Complete Documentation (Site) - Index of over 75 papers on Honeypots.
• MITRE Honeyclient Project (Site) - The first open source client honeypot.
• GHH - The "Google Hack" Honeypot (Site) - GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine.
• MicroSolved, Inc. (Site) - Seller of HoneyPoint family of products.

• Honeyd (Site) - Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris.
• Honeypots (Site) - Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues.
• SecurityDocs - Honeypots (Site) - Directory of articles, white papers, and documents on honeypots and other security topics.
• Honeypots: Monitoring and Forensics Project (Site) - Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics.
• Back Officer Friendly (Site) - Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2.
• An Evening with Berferd (Site) - A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992.
• SourceForge.net: Project - HoneyView (Site) - A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.
• Talisker Security Wizardry: Honeypots (Site) - Describes different commercial and freeware honeypots.
• Deception ToolKit (DTK) (Site) - A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.
• LaBrea Tarpit (Site) - A program that creates a tarpit or, as some have called it, a "sticky honeypot".
• Honeynet Security Console (HSC) (Site) - HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs.
• Honeynet.BR (Site) - Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot.
• Nepenthes (Site) - A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms.
• Chinese Honeynet Project (Site) - The Artemis Project (Chinese Honeynet Project).
• Anton Chuvakin Honeynet Reseach and Live Stats (Site) - Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources.
• Capture (Site) - A high interaction client honeypot. A client honeypot is a security technology that allows one to find malicious servers on a network.
• Honeyclient Development Project (Site) - Honeyclient news, downloads, and information.
• NoAH (Site) - European Network of Affiliated Honeypots.
• Honeypots: Tracking Hackers (Site) - White papers, mailing list and other resources related to honeypots.
• SecurityFocus: Defeating Honeypots: System Issues, Part 1 (Site) - This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
• Netbait (Site) - Netbait Commercial Honeypot.
• mwcollect (Site) - A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware.
• The Bait and Switch Honeypot System (Site) - A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data.
• KeyFocus - KF Sensor - Honey pot IDS (Site) - A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans.
• Deploying and Using Sinkholes (Site) - Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot.
• SCADA HoneyNet Project (Site) - SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).
• HoneyC Low-Interaction Client Honeypot (Site) - A platform independent low interaction client honeypot that allows identify rogue servers on the web.
• fakeAP (Site) - Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
• New Zealand Honeynet project (Site) - Papers and information on honeypots, especially application layer, e.g. PHP applications, from the New Zealand branch of the Honeynet project (http://www.honeynet.org/).
• Honeywall CDROM (Site) - A honeynet gateway on a bootable CDROM.
• HoneyNet Project (Site) - A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned.
• Know Your Enemy: GenII Honeynets (Site) - An Introduction to second generation honeynets (honeywalls).
• thp - Tiny Honeypot (Site) - A simple honey pot program based on iptables redirects and an xinetd listener.
• Basted (Site) - A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites.
• Honeybee (Site) - A tool for semi-automatically creating emulators of network server applications.
• Impost (Site) - Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments (pre-release version available).
• The Strider HoneyMonkey Project (Site) - Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.
• WebMaven (Buggy Bank) (Site) - WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot.
• Philippine Honeynet Project, Philippines (Site) - Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS.
• spank (Site) - A collection of programs to deploy, run and analyse network and host simulations in IP networks.
• SécurIT (Site) - LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper)
• Spanish Honeynet Project (Site) - Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies.
• The Portuguese Honeynet Project (Site) - Information on their honeypot farm using HoneyMole.
• The Team Cymru Darknet Project (Site) - A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics.
• UK Honeynet Project (Site) - Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, tool to analyse Honeywall pcap files and extract summary information.
• Spampoison (Site) - Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots.
• Honeyblog (Site) - A weblog about with IT-security, honeypots, and honeynets.
• Installing a Virtual Honeywall using VMware (Site) - This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments.
• Open Proxy Honeypot (Site) - Web Application Security Consortium Distributed Open Proxy Honeypot Project.
• Building a GenII Honeynet Gateway (Site) - This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips.
• Honeycomb (Site) - A system for automated generation of signatures for network intrusion detection systems (NIDSs).
• Project Honey Pot: Distributed Spam Harvester Tracking Network (Site) - A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites.
• Client honeypot / honeyclient (Site) - Wikipedia article on client honeypots.
• Honeyd Control Center (Site) - Honeyd configuration wizard, a SQL Interface, and reports.
• Honeywall (Site) - The Honeywall CDROM is a bootable CD that installs onto a hard drive and comes with all the tools and functionality for you to implement data capture, control and analysis.
• Sombria Honeypot System (Site) - A honeypot system and "Honeypot Exchange Program."
• HoneyBOT (Site) - A free windows based medium interaction honeypot solution.
• Honeypotting: The Complete Documentation (Site) - Index of over 75 papers on Honeypots.
• MITRE Honeyclient Project (Site) - The first open source client honeypot.
• GHH - The "Google Hack" Honeypot (Site) - GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine.
• MicroSolved, Inc. (Site) - Seller of HoneyPoint family of products.
• SecurityFocus: Dynamic Honeypots () - Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network.
• SecurityFocus: Fighting Internet Worms With Honeypots () - This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks.
• Medium Interaction Honeypots (PDF) - Document outlines the weaknesses of different existing approaches to catch malware – especially bots – and shows how Medium Interaction Honeypots solves these problems.
• SecurityFocus: Honeytokens -The Other Honeypot () - This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network.
• SecurityFocus: Defeating Honeypots - Network issues, Part 1 () - Article discussing methods hackers use to detect honeypots.
• SecurityFocus: Problems and Challenges with Honeypots () - Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker.
• SecurityFocus: Microsoft looks to "monkeys" to find Web threats () - Article discussing how Microsoft have developed a series of Windows XP clients, dubbed "honeymonkeys", that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users.
• Honeypotting with VMware () - An article about how to use VMware to produce honeypots to catch system intruders.
• SecurityFocus: Wireless Honeypots () - Article discussing the use of honeypot technology to combat attacks on wireless networks.
• Securityfocus: Fighting Spammers With Honeypots () - This paper evaluates the usefulness of using honeypots to fight spammers.
• Know your Enemy: Phishing () - This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project.
• SecurityFocus: Honeypot Farms () - This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms.
• Know Your Enemy: Learning more about phishing () - A detailed analysis of phishing through compromised web servers.
• Honeypot + Honeypot = Honeynet () - Article discussing the creation of the Honeynet Project.
• Honeynet.org: Tracking Botnets () - Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them.