Honeypots and Honeynets (Security)

Honeypots and Honeynets Sites:

B.A.S.T.E.D. B.A.S.T.E.D.: A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites. (Honeypots and Honeynets) http://basted.sourceforge.net/ The Distributed Honeypot Project The Distributed Honeypot Project: The goal of this project is to organize dispersed honeypots across the Internet and share findings with the security community. (Honeypots and Honeynets) http://www.lucidic.net/ SecurityDocs - Honeypots SecurityDocs - Honeypots: Directory of articles, white papers, and documents on honeypots and other security topics. (Honeypots and Honeynets) http://www.securitydocs.com/Intrusion_Detection/Honeypots SecurityFocus: Honeytokens -The Other Honeypot SecurityFocus: Honeytokens -The Other Honeypot: This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1713 Honeypotting with VMware Honeypotting with VMware: An article about how to use VMware to produce honeypots to catch system intruders. (Honeypots and Honeynets) http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html Honeypots: Monitoring and Forensics Project Honeypots: Monitoring and Forensics Project: Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics. (Honeypots and Honeynets) http://honeypots.sourceforge.net/ Talisker Honeypots Talisker Honeypots: Web page summarizing different commercial and freeware honeypots. (Honeypots and Honeynets) http://www.securitywizardry.com/honeypots.htm Bubblegum proxypot Bubblegum proxypot: An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer. (Honeypots and Honeynets) http://world.std.com/~pacman/proxypot.html SecurityFocus: Honeypot Farms SecurityFocus: Honeypot Farms: This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1720 Honeynet Security Console (HSC) Honeynet Security Console (HSC): HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs. (Honeypots and Honeynets) http://www.activeworx.org/ Deploying and Using Sinkholes Deploying and Using Sinkholes: Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot. (Honeypots and Honeynets) http://www.arbornetworks.com/research_presentations.php SourceForge.net: Project - HoneyView SourceForge.net: Project - HoneyView: A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data. (Honeypots and Honeynets) http://sourceforge.net/projects/honeyview Project Honey Pot: Distributed Spam Harvester Tracking Network Project Honey Pot: Distributed Spam Harvester Tracking Network: A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites. (Honeypots and Honeynets) http://www.projecthoneypot.org/ Securityfocus: Fighting Spammers With Honeypots Securityfocus: Fighting Spammers With Honeypots: This paper evaluates the usefulness of using honeypots to fight spammers. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1747 LaBrea Tarpit LaBrea Tarpit: A program that creates a tarpit or, as some have called it, a "sticky honeypot". (Honeypots and Honeynets) http://labrea.sourceforge.net/ Virutal Honeynet: Deploying Honeywall using VMware Virutal Honeynet: Deploying Honeywall using VMware: Information on deploying a Virtual Honeynet based on Honeywall using VMware. (Honeypots and Honeynets) http://www.honeynet.org.pk/honeywall/ Impost Impost: Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the com (Honeypots and Honeynets) http://impost.sourceforge.net/ The Bait and Switch Honeypot System The Bait and Switch Honeypot System: A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data. (Honeypots and Honeynets) http://violating.us/projects/baitnswitch/ Honeypots: Tracking Hackers Honeypots: Tracking Hackers: White papers, mailing list and other resources related to honeypots. (Honeypots and Honeynets) http://www.tracking-hackers.com/ Alkasis Software Alkasis Software: Manufacturer of the PatriotBox HoneyPot server. (Honeypots and Honeynets) http://www.honeypot-ids.com Honeywall CDROM Honeywall CDROM: A honeynet gateway on a bootable CDROM. (Honeypots and Honeynets) http://www.honeynet.org/tools/cdrom/ WebMaven (Buggy Bank) WebMaven (Buggy Bank): WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot. (Honeypots and Honeynets) http://www.mavensecurity.com/webmaven SecurityFocus: Defeating Honeypots - Network issues, Part 1 SecurityFocus: Defeating Honeypots - Network issues, Part 1: Article discussing methods hackers use to detect honeypots. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1803 Spampoison Spampoison: Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots. (Honeypots and Honeynets) http://www.spampoison.com/ Know Your Enemy: GenII Honeynets Know Your Enemy: GenII Honeynets: An Introduction to second generation honeynets (honeywalls). (Honeypots and Honeynets) http://www.honeynet.org/papers/gen2/ Honey Web Honey Web: An Active Server Pages (ASP) compliant web server honey pot, that detects common attacks against web servers and logs the requests in a real-time viewer . It can recognize Buffer Overflows , Denial of Service attacks, Directory Transversal attacks, SQL In (Honeypots and Honeynets) http://honeyweb.sourceforge.net/ An Evening with Berferd An Evening with Berferd: A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992. (Honeypots and Honeynets) http://all.net/books/berferd/berferd.html Linux Kernel Patches Linux Kernel Patches: Kernel logging patches for the honeynet project. (Honeypots and Honeynets) http://axehind.com/ Back Officer Friendly Back Officer Friendly: Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2. (Honeypots and Honeynets) http://www.nfr.com/resource/backOfficer.php spank spank: A collection of programs to deploy, run and analyse network and host simulations in IP networks. (Honeypots and Honeynets) http://spank.sourceforge.net/ SecurityFocus: Problems and Challenges with Honeypots SecurityFocus: Problems and Challenges with Honeypots: Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1757 SecurityFocus: Dynamic Honeypots SecurityFocus: Dynamic Honeypots: Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1731 The Team Cymru Darknet Project The Team Cymru Darknet Project: A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics. (Honeypots and Honeynets) http://www.cymru.com/Darknet/ Deception ToolKit (DTK) Deception ToolKit (DTK): A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. (Honeypots and Honeynets) http://all.net/dtk/index.html Florida Honeynet Project Florida Honeynet Project: The Florida Honeynet Project is a not for profit, all volunteer organization dedicated to honeynet research. (Honeypots and Honeynets) http://www.floridahoneynet.org/ Installing a Virtual Honeywall using VMware Installing a Virtual Honeywall using VMware: This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments. (Honeypots and Honeynets) http://www.honeynet.org.es/papers/vhwall/ fakeAP fakeAP: Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables. (Honeypots and Honeynets) http://www.blackalchemy.to/project/fakeap/ EruditeAegis.net - Papers on Honeypot technology EruditeAegis.net - Papers on Honeypot technology: Connection Redirection Applied to Production Honeypot. (Honeypots and Honeynets) http://www.eruditeaegis.net/papers.php SecurityFocus: Fighting Internet Worms With Honeypots SecurityFocus: Fighting Internet Worms With Honeypots: This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1740 Honeynet.BR Honeynet.BR: Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot. (Honeypots and Honeynets) http://www.honeynet.org.br/ Honeypot + Honeypot = Honeynet Honeypot + Honeypot = Honeynet: Article discussing the creation of the Honeynet Project. (Honeypots and Honeynets) http://www.eweek.com/article2/0,4149,1244323,00.asp Sombria Honeypot System Sombria Honeypot System: A honeypot system and "Honeypot Exchange Program." (Honeypots and Honeynets) http://www.lac.co.jp/security/csl/intelligence/sombria_e/index.html SCADA HoneyNet Project SCADA HoneyNet Project: SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures). (Honeypots and Honeynets) http://scadahoneynet.sourceforge.net/ Honeyd Honeyd: Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris. (Honeypots and Honeynets) http://www.citi.umich.edu/u/provos/honeyd/ HoneyNet Project HoneyNet Project: A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned. (Honeypots and Honeynets) http://project.honeynet.org/ Building a GenII Honeynet Gateway Building a GenII Honeynet Gateway: This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips. (Honeypots and Honeynets) http://www.honeynet.org.es/papers/honeywall/ Spanish Honeynet Project Spanish Honeynet Project: Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies. (Honeypots and Honeynets) http://www.honeynet.org.es Honeypots Honeypots: An introduction to honeypots, the different types, and their value. (Honeypots and Honeynets) http://www.tracking-hackers.com/papers/honeypots.html RedHat Linux 6.2 Honeypot Analysis RedHat Linux 6.2 Honeypot Analysis: Incident analysis for a compromised default honeypot installation of RedHat Linux 6.2. Includes design, configuration and log details for the compromised machine. (Honeypots and Honeynets) http://www.holcroft.org/honeypot/ Tiny Honeypot Tiny Honeypot: A very simple honeypot taking up a total of 21k. (Honeypots and Honeynets) http://alpinista.dyndns.org/files/thp/ SecurityFocus: Wireless Honeypots SecurityFocus: Wireless Honeypots: Article discussing the use of honeypot technology to combat attacks on wireless networks. (Honeypots and Honeynets) http://www.securityfocus.com/infocus/1761 MastaHackaWannabeAnalajza MastaHackaWannabeAnalajza: Provides visualization of hack attempts against a honeypot server. Reports include attack intensity over time and attack types. Based on IDS data produced by snort. (Honeypots and Honeynets) http://rudolf.sytes.net/en/