HoneyPot

Hi,

I have been after a free honeypot for Windows that has a GUI and can help catch malware (Melih knows I have been after one). The honeypots I have looked at have either not been free or have been too much of a hassle to set up (partitioning the drive and things like that). Anyway, I know it probably won't happen, but I would like a honeypot.

Thanks,

Justin

Hey Justin,

The simplest way to make a honeypot for free is to have a PC with two hard drives (call them A and B). Set Windows up on each drive, separately, of course. Disconnect drive B (this will be our "real" Windows install and will have the same IP range as your LAN and have all security software running) and leave drive A attached as bootable, but without any security software running. Make certain that the IP address is in a different range to the rest of your LAN. Install the web server component and allow this PC's IP out to the internet - I assure you, someone will notice the server pretty ■■■■ quickly! Surf to all the suspect sites you can find, to make certain the PC is compromised.

When you are done, or just want to have a look, power down, connect drive B as the bootable drive and make drive A secondary. Boot Windows and have a look at your second drive.

PLEASE NOTE - THIS IS NOT FOOLPROOF! THIS IS NOT FOR THE FAINT OF HEART! THIS IS NOT AN IRON CLAD, SEGREGATED, DMZ’d HONEYPOT! YOU ARE INVITING BAD GUYS INTO YOUR HOUSE AND BAD GUYS CAN DO BAD THINGS!

Hope this helps,
Ewen :slight_smile:

Hi,

This would work, but I don't have another copy of Windows to put on another HDD. I could partition, I suppose, but I would need to either reformat or partition using 3rd-party software. I was thinking along the lines of a honeypot like KFSensor.

Since a honeypot has been requested for some time now :).

I would rather see a tarpit; the basics are the same AFAIK, but there are some differences.

Tarpits:
Trap hackers, slow down the spread of worms and stall spammers by creating tarpits. A tarpit is a trap for harmful intruders. VisNetic Firewall accepts TCP connections but never replies and ignores disconnect requests. This leaves ports scanners and hackers stuck for hours, even days.

This procedure works, and when the attacker is stuck long enough the OS he uses will give up and then crash in some way. The tarpit just keeps accepting and stalling the port from the attacker. I tested the procedure some time ago with VisNetic Firewall and then got a friend to 'attack' me; he ended up with a hung-up PC.

Cheers, and keep up the good and flawless work.
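To make the tarpit behaviour described above concrete, here is an added example in Python; it is not code from the thread or from VisNetic Firewall. It approximates the firewall's trick in user space: accept the TCP handshake, log the attempt (the honeypot part), then never send a byte, never read the peer's data and never close the connection, so the client's send window fills and it sits waiting until its own timeout fires. A real firewall tarpit does this inside the TCP stack (zero window, FIN ignored); a normal socket program cannot go that far, and the tiny receive buffer and listening port 2222 used here are assumptions, not anything from the original posts.

```python
"""
Minimal user-space TCP tarpit with connection logging.

Added example, not from the forum thread or from any firewall product.
Behaviour: accept the connection, record who connected, then stall it by
never replying, never reading and never closing. The OS may enforce a
minimum receive buffer, so the window does not shrink to exactly the
value requested, but the client still ends up blocked with nobody reading.
"""
import socket
import threading
import time
from dataclasses import dataclass, field


@dataclass
class Tarpit:
    host: str = "127.0.0.1"
    port: int = 0                      # 0 = let the OS pick a free port (handy for tests)
    rcvbuf: int = 256                  # assumed tiny receive buffer so the peer's window fills fast
    log: list = field(default_factory=list)
    _held: list = field(default_factory=list)   # sockets we keep open on purpose
    _lock: threading.Lock = field(default_factory=threading.Lock)

    def __post_init__(self):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # Buffer size set on the listening socket is inherited by accepted sockets.
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, self.rcvbuf)
        self._srv.bind((self.host, self.port))
        self._srv.listen(128)
        self.port = self._srv.getsockname()[1]
        self._running = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while self._running:
            try:
                conn, peer = self._srv.accept()
            except OSError:
                break  # listening socket was closed by stop()
            # Record the attempt: this is the honeypot/logging half ...
            with self._lock:
                self.log.append({"ts": time.time(), "peer": peer})
                self._held.append(conn)
            # ... and then do nothing at all: no reply, no recv, no close.

    def stalled_connections(self) -> int:
        """Number of peers currently being held open without any response."""
        with self._lock:
            return len(self._held)

    def stop(self):
        self._running = False
        self._srv.close()
        with self._lock:
            for c in self._held:
                c.close()
            self._held.clear()


def probe(port: int, timeout: float = 0.5) -> dict:
    """Connect the way a scanner would, ask for a banner, and report whether anything came back."""
    c = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    c.sendall(b"GET / HTTP/1.0\r\n\r\n")
    try:
        data = c.recv(1024)          # a real server answers or closes; the tarpit does neither
        replied = True
    except socket.timeout:
        data, replied = b"", False
    finally:
        c.close()
    return {"replied": replied, "data": data}


if __name__ == "__main__":
    tp = Tarpit(port=2222)           # port 2222 is an arbitrary choice for the demo
    print(f"tarpit listening on {tp.host}:{tp.port}; Ctrl-C to stop")
    try:
        while True:
            time.sleep(5)
            print(f"{tp.stalled_connections()} connection(s) held; last seen: {tp.log[-1:]}")
    except KeyboardInterrupt:
        tp.stop()
```

Run it and point a port scanner or a plain `telnet` at the port: the connection completes, so the port looks open, but no banner ever arrives and the session just hangs, which is exactly the stall the post describes. The `log` list is what a GUI honeypot would display; on a real deployment you would write it to a file or SIEM rather than keep it in memory.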

Have you tried Nepenthes? (http://nepenthes.mwcollect.org/)

Why not just use BartPE on a USB drive? Alternatively, if you want to use another hard drive, just clone your existing Windows installation onto it. Otherwise a VMware image of HEAT might fit the bill.

I would also love to see a honeypot from Comodo. It could be used by volunteer users to catch malware. It would be similar to projects such as SETI@Home, where people share CPU processing power for science, but in this case, co-operate to catch malware? Maybe make it possible to submit the malware samples directly to Comodo from within the honeypot?

I’ve tried to compile Nepenthes on Windows (according to the README, it’s possible), but couldn’t get it to work. Maybe Justin will have better luck. But he said he wanted one with a GUI, and Nepenthes is command-line? Other than that, there’s a free program named HoneyBOT. Haven’t caught anything worse than messenger spam with it, but you could give it a try.
http://www.atomicsoftwaresolutions.com/index.php

Do you know Valhala Honeypot? See Valhala Honeypot download | SourceForge.net

There’s also PortPeeker: http://www.linklogger.com/portpeeker.htm