MrWhisp Posted June 29, 2004 Report Share Posted June 29, 2004 Hi, I have developed a "Honeypot" security tool. I really would like some more ideas about this tool and therefore I would like to discuss it. And if anyone is interested in testing it let me know and I will post it on a website. The tool works as follows: A hacker always tries the easiest ways of attacking a system. So if, for example, port 139 (Netbios) is open a hacker attacks that port before trying other attacks, such as webserver exploits. My Honeypot opens servers at selected ports so it, for example, looks like the Netbios service is available. If anyone tries to connect to this port, the honeypot logs the intruder IP and hostname and automatically adds his IP to the Shorewall dynamic blacklist. The server ports is specified in a config file and can be any ports not used by a system service. I have for example emulated the Windows RPC service (computers probably infected with viruses like Ms Blaster) and blacklists about 2-4 IP / minute. To avoid infinitely growing blacklists the system executes a shorewall allow of the IP addresses after a user specified time interval, for example 10 minutes. Any ideas of further development for this tool? /MrWhisp Quote Link to comment Share on other sites More sharing options...
Michel Posted June 29, 2004 Report Share Posted June 29, 2004 (edited) seems a nice tool. I'll maybe have a look at it after my finals are done. Edited June 29, 2004 by Michel Quote Link to comment Share on other sites More sharing options...
durvish Posted June 29, 2004 Report Share Posted June 29, 2004 I'd be highly interested in taking a look at that. Quote Link to comment Share on other sites More sharing options...
MrWhisp Posted June 29, 2004 Author Report Share Posted June 29, 2004 I will post it somewhere in a few days. I just has to finish some details with the service scripts... The goal of this project is a useful honeypot, and therefore I need some ideas of other "honeypot" techniques... Quote Link to comment Share on other sites More sharing options...
MrWhisp Posted June 30, 2004 Author Report Share Posted June 30, 2004 The application and all installation/usage instructions is now available at http://www.frc-consulting.com/security/tools/ Send any feedback, questions or ideas about this project to johan@frc-consulting.com Quote Link to comment Share on other sites More sharing options...
MrWhisp Posted July 15, 2004 Author Report Share Posted July 15, 2004 I have made a lot of changes and moved the system to sourceforge: http://jhoney.sourceforge.net /MrWhisp Quote Link to comment Share on other sites More sharing options...
liquidzoo Posted July 15, 2004 Report Share Posted July 15, 2004 Wow. That looks like a very nice script. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.