|
HoneyNet Project
|
A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned.
|
|
Honeypots
|
Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues.
|
|
SourceForge.net: Project - HoneyView
|
A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.
|
|
Deception ToolKit (DTK)
|
A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.
|
|
SecurityFocus: Dynamic Honeypots
|
Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network.
|
|
SecurityFocus: Fighting Internet Worms With Honeypots
|
This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks.
|
|
SecurityFocus: Honeytokens -The Other Honeypot
|
This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network.
|
|
An Evening with Berferd
|
A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992.
|
|
SecurityFocus: Problems and Challenges with Honeypots
|
Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker.
|
|
MastaHackaWannabeAnalajza
|
Provides visualization of hack attempts against a honeypot server. Reports include attack intensity over time and attack types. Based on IDS data produced by snort.
|
|
RedHat Linux 6.2 Honeypot Analysis
|
Incident analysis for a compromised default honeypot installation of RedHat Linux 6.2. Includes design, configuration and log details for the compromised machine.
|
|
Honeypots: Monitoring and Forensics Project
|
Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics.
|
|
Deploying and Using Sinkholes
|
Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot.
|
|
Securityfocus: Fighting Spammers With Honeypots
|
This paper evaluates the usefulness of using honeypots to fight spammers.
|
|
Talisker Security Wizardry: Honeypots
|
Describes different commercial and freeware honeypots.
|
|
Back Officer Friendly
|
Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2.
|
|
LaBrea Tarpit
|
A program that creates a tarpit or, as some have called it, a "sticky honeypot".
|
|
SecurityFocus: Honeypot Farms
|
This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms.
|
|
Honeypot + Honeypot = Honeynet
|
Article discussing the creation of the Honeynet Project.
|
|
The Bait and Switch Honeypot System
|
A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data.
|
|
Bubblegum proxypot
|
An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer.
|
|
SecurityFocus: Wireless Honeypots
|
Article discussing the use of honeypot technology to combat attacks on wireless networks.
|
|
The Distributed Honeypot Project
|
The goal of this project is to organize dispersed honeypots across the Internet and share findings with the security community.
|
|
SecurityDocs - Honeypots
|
Directory of articles, white papers, and documents on honeypots and other security topics.
|
|
Honeynet.BR
|
Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot.
|
|
Honey Web
|
An Active Server Pages (ASP) compliant web server honey pot, that detects common attacks against web servers and logs the requests in a real-time viewer . It can recognize Buffer Overflows , Denial of Service attacks, Directory Transversal attacks, SQL Injection attacks , XSS attacks , Session hijacking attacks.
|
|
Honeynet Security Console (HSC)
|
HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs.
|
|
SCADA HoneyNet Project
|
SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).
|
|
EruditeAegis.net - Papers on Honeypot technology
|
Connection Redirection Applied to Production Honeypot.
|
|
fakeAP
|
Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
|
|
Alkasis Software
|
Manufacturer of the PatriotBox HoneyPot server.
|
|
Virutal Honeynet: Deploying Honeywall using VMware
|
Information on deploying a Virtual Honeynet based on Honeywall using VMware.
|
|
Honeywall CDROM
|
A honeynet gateway on a bootable CDROM.
|
|
Know Your Enemy: GenII Honeynets
|
An Introduction to second generation honeynets (honeywalls).
|
|
B.A.S.T.E.D.
|
A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites.
|
|
Impost
|
Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments (pre-release version available).
|
|
WebMaven (Buggy Bank)
|
WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot.
|
|
spank
|
A collection of programs to deploy, run and analyse network and host simulations in IP networks.
|
|
SecurityFocus: Defeating Honeypots - Network issues, Part 1
|
Article discussing methods hackers use to detect honeypots.
|
|
Spanish Honeynet Project
|
Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies.
|
|
The Team Cymru Darknet Project
|
A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics.
|
|
Spampoison
|
Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots.
|
|
Installing a Virtual Honeywall using VMware
|
This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments.
|
|
Building a GenII Honeynet Gateway
|
This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips.
|
|
Project Honey Pot: Distributed Spam Harvester Tracking Network
|
A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites.
|
|
Honeyd Control Center
|
Honeyd configuration wizard, a SQL Interface, and reports.
|
|
Sombria Honeypot System
|
A honeypot system and "Honeypot Exchange Program."
|
|
Honeypotting: The Complete Documentation
|
Index of over 75 papers on Honeypots.
|
|
Honeycomb
|
A system for automated generation of signatures for network intrusion detection systems (NIDSs).
|
|
GHH - The "Google Hack" Honeypot
|
GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine.
|
|
Honeynet.org: Tracking Botnets
|
Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them.
|
|
SecurityFocus: Defeating Honeypots: System Issues, Part 1
|
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
|
|
thp - Tiny Honeypot
|
A simple honey pot program based on iptables redirects and an xinetd listener.
|
|
Know your Enemy: Phishing
|
This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project.
|
|
SecurityFocus: Microsoft looks to "monkeys" to find Web threats
|
Article discussing how Microsoft have developed a series of Windows XP clients, dubbed "honeymonkeys", that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users.
|
|
mwcollect
|
A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware.
|
|
Honeybee
|
A tool for semi-automatically creating emulators of network server applications.
|
|
The Strider HoneyMonkey Project
|
Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.
|
|
Honeypots
|
An introduction to honeypots, the different types, and their value.
|
|
Honeypots: Tracking Hackers
|
White papers, mailing list and other resources related to honeypots.
|
|
Philippine Honeynet Project, Philippines
|
Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS.
|
|
Nepenthes honeypot
|
A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms.
|
|
Chinese Honeynet Project
|
The Artemis Project (Chinese Honeynet Project).
|
|
Anton Chuvakin Honeynet Reseach and Live Stats
|
Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources.
|
|
SécurIT
|
LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper)
|
|
Netbait
|
Netbait Commercial Honeypot.
|
|
The Portuguese Honeynet Project
|
Information on their honeypot farm using HoneyMole.
|
|
Black Alchemy
|
Software for generating thousands of counterfeit 802.11b access points.
|
