Put a Honeypot on Your Network

Posted on Sunday, June 27, 2010 1:52 pm by TCAT Shelbyville IT Department

What exactly is a honeypot?   A honeypot is a non critical computer that has software on it that allows the monitoring of users who are on your network or if the honeypot has a public ip address, it can be used to monitor outside users.   This in turn allows you to view the ip address of the ‘curious’ and possibly malicious user of your network.   By obtaining the ip address, you can in turn block the ip address at your ISP level or on your firewall.

With no installation required and free to use ____ allows you to place a honeypot on your computer.   By simply running the program and selecting the configuration you want, you can monitor users who try to ‘break’ into your computer.   If you select a webserver, you can create a folder on your computer and place a ‘fake’ database with names and html in the folder.   This decoy server allows you to see ‘who’ is trying to circumvent your network.  

Internally this allows you to track back users who may be navigating on your network.   With most network policies, users should not navigate or attempt to navigate internally.

You will have to open your firewall (software on the host computer).  The configuration below shows port 80 open (webserver) and port 7 (ICMP or ping).

When configuring a webserver, you will have to create the folder wwwroot in your c: drive.  You will also have to create index.htm, a simple webpage.  If you aren’t web savvy, simply open an office document, type in the information you want and save as an htm document (index.htm) in the c:\wwwroot folder.

When you return to the main screen, click on monitoring and your honeypot will minimize to the system tray.  You can monitor live by opening the program.

To test the computer’s honeypot, go to another machine and type the ip address of the honeypot host into a webbrowser.  Below you will see the computer’s ip address has been logged.   The green is the honeypot’s ip address and the red is the malicious host.

This honeypot software is free and from Sourceforge (direct link to download).

Developer’s website.

About TCAT Shelbyville IT Department

The Tennessee College of Applied Technology - is one of 46 institutions in the Tennessee Board of Regents System, the seventh largest system of higher education in the nation. This system comprises six universities, fourteen community colleges, and twenty-six Applied Technology Colleges.
This entry was posted in Computers and tagged , , , , , , , , , . Bookmark the permalink.

1 Response to Put a Honeypot on Your Network

  1. Pingback: Put a Honeypot on Your Network (via TTC Shelbyville – Technical Blog) « Chicago Mac/PC Support

Leave a comment