Honeypot

[ea101]

Hi, me I am new to networking and now learning about honeypots. I'm looking for any suggestion on how I can manage and configure a honeypot and what is the best way so that I can configure it on FreeBSD? I tried to browse around and couldn't find any useful information till until now so I decided to post it here. All the guides given by you all will be very useful for me. And if there is a better way than honeypots you are most welcome to share the knowledge.

Thank you.

 

[SirDice]

I suggest getting more experience first. Setting up a honeypot is serious business and you're quite likely to get hacked instead. After all that's the purpose of a honeypot.

http://www.sans.org/security-resources/ ... eypot3.php
http://www.sans.org/security-resources/ ... eypot4.php
http://www.sans.org/security-resources/ ... neypot.php

 

[DutchDaemon]

I agree. If you need to ask about honeypots, chances are you shouldn't be running one. You will get e-raped.

 

[asteriskRoss]

@SirDice and @DutchDaemon are right to be cautious as courting attacks on your network is unlikely to be a Good Thing. That said, I also believe in learning by doing. A first step might be to set up your own honeypot on an isolated network and attack it yourself to see how it works.

Have you looked at setting up a low interaction honeypot using net/honeyd or net/nepenthes? I also see the ports collection has a couple of SSH server emulation honeypots; net/kippo and net/kojoney. Another option might be dionaea, though it doesn't appear to be in ports, so getting it to compile and run may take some work.

If you do decide to open up a honeypot to the big, bad Internet, make sure to isolate it from the rest of your network and give it the attention it deserves before you find your machine serving up malware or being used as part of a DDOS attack.