What exactly is a honeypot? A honeypot is a non-critical computer running software that lets you monitor users on your network or, if the honeypot has a public IP address, outside users. This in turn lets you see the IP address of a ‘curious’ and possibly malicious user of your network. Once you have the IP address, you can block it at your ISP level or on your firewall.
With no installation required and free to use, ____ allows you to place a honeypot on your computer. By simply running the program and selecting the configuration you want, you can monitor users who try to ‘break’ into your computer. If you select a web server, you can create a folder on your computer and place a ‘fake’ database with names and HTML in the folder. This decoy server allows you to see ‘who’ is trying to circumvent your network.
Internally, this allows you to trace users who may be navigating around your network. Under most network policies, users should not navigate or attempt to navigate internally.
You will have to open the software firewall on the host computer. The configuration below shows port 80 (web server) and port 7 (ICMP or ping) open.
When configuring a web server, you will have to create the folder wwwroot on your c: drive. You will also have to create index.htm, a simple web page. If you aren’t web savvy, simply open an office document, type in the information you want and save it as an htm document (index.htm) in the c:\wwwroot folder.
When you return to the main screen, click on monitoring and your honeypot will minimize to the system tray. You can monitor live by opening the program.
To test the computer’s honeypot, go to another machine and type the IP address of the honeypot host into a web browser. Below you will see that the computer’s IP address has been logged. The green is the honeypot’s IP address and the red is the malicious host.
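The behaviour described above, a decoy web server that serves a fake page and logs the IP address of anyone who requests it, can be sketched in Python. This is an added example, not the code of the tool discussed in this post; the names DecoyHandler, start_decoy and sources_to_review, the decoy page content and port 8080 are assumptions made for illustration.

```python
"""Minimal decoy web server: serves one fake page and records every client that asks for it."""
import threading
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed decoy content standing in for the index.htm described above.
DECOY_PAGE = b"<html><body><h1>Staff Directory</h1><p>Internal use only.</p></body></html>"


class DecoyHandler(BaseHTTPRequestHandler):  # hypothetical name
    def _record_and_serve(self, send_body):
        # client_address is the TCP peer; behind NAT or a proxy it is the last hop.
        self.server.hits.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "method": self.command,
            "path": self.path,
            "user_agent": self.headers.get("User-Agent", ""),
        })
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(DECOY_PAGE)))
        self.end_headers()
        if send_body:
            self.wfile.write(DECOY_PAGE)

    def do_GET(self):
        self._record_and_serve(True)

    def do_HEAD(self):
        self._record_and_serve(False)

    def log_message(self, fmt, *args):
        pass  # keep stderr quiet; hits are kept in server.hits instead


def start_decoy(host="127.0.0.1", port=0):
    """Start the decoy in a background thread; port=0 picks a free port."""
    server = ThreadingHTTPServer((host, port), DecoyHandler)
    server.hits = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def sources_to_review(hits, expected=()):
    """Unique source IPs that touched the decoy, minus known admin or scanner hosts."""
    return sorted({h["src_ip"] for h in hits} - set(expected))


if __name__ == "__main__":
    srv = start_decoy("0.0.0.0", 8080)  # assumed port for a local trial
    print("decoy listening on port", srv.server_address[1])
    threading.Event().wait()  # keep running until interrupted
```

Every path is answered with the same decoy page, so any request against the host is recorded; the list returned by sources_to_review is the set of addresses to look at before deciding on a firewall block.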
This honeypot software is free and from SourceForge (direct link to download).