HoneyPot: Explained Topic: HoneyPot :Explained Author:s1ayer Greetz:b0nd bro, Eberly, r45,vaibhav,jappy,Mr.

XXXX,Godwin Austin,sai bro, fb1, a nd all ICW and G4H members Shoutz: To all Indians out there. contact:s1ayer.icw@gmail.com Website:www.garage4hackers.com www.andhrahackers.com http://www.security-informatica.blogspot.com ================================================================================ ======================================= What is HoneyPot?? In layman terms we can say it is a trap set by the administrators for the hacker s, to fool them or to make them believe that they are hacking into admins system, but instead of that hackers are gettin g hacked by the admin. How does this work?? This works by presenting the hackers a foul scenario where , hacker thinks that he is penetrating into the system but instead, he is going no where except he is playing in the world created by the a dmins. By doing so, admins are able to check all the malicious activity of the hackers like what all ports hackers are trying to connect, what files they are trying to upload, which all sections they are trying to access. HonyPot is mainly designed to trap the hackers, or present a virtual system to t he hackers which never exists. Technically, Honeypot tries to listen to all the ports on the system, and whenev er hacker tries to port scan the system, it gets a list of open ports which he thinks is open but actually, it is the ope ned port which is shown by the honeypot behind the firewall, so when ever hacker tries to access some random port say 100, then he is accessing the honeypot not the system. Above scenario can be visualised better: Install a VM ware on a system and run a ny low version of windows or linux on it with all ports open, and port forward those ports on the host system, so when ever h acker tries to fingerprint or try to do port scan, then he will be gettng info about the VM ware not the host system, hacker may be able to penetrate into the VM ware OS, but our HOST OS remains safe. But there are mainly deficulty in doing the above job , so special application i s created called HONEYPOT to do this job and many other jobs like tracking of packets, file access etc. There are mainly 3 types of honeypots available: 1.Small: Mainly keeps the log of ip-address which are trying to access your syst em alongwith the port 2.Medium: Its functionality is little advanced, keeping track of files accessed, time-period, hosts etc.

3.Large: It provides all the functionality, but the main feature of these kind o f Honeypots are security feature, these can simulate virtual os for the outsiders or hackers very well. In this article I am going to give the example of HoneyPot of small scale for Wi ndows. HoneyPots are available both on commercial platform and also as open source, I a m taking the example of KFsensor which is freely available on their official website. STEP 1: Download the KFSENSOR and winpcap from their website and install them STEP 2: Restart your system, start winpcap server from the folder menu where it is saved mainly in c:\ drive STEP 3: Start KFsensor, do as promted in the window , it is mainly for the confi guring of your new HONEYPOT. STEP4: Done, keep your system up for the packets scanning. image:http://3.bp.blogspot.com/_bujltUQhRY0/TDZLzqusauI/AAAAAAAAADI/AuA8PkHu3R0/ s640/untitled.bmp Here in above picture u can see some port numbers are striked out, because you n eed to restart the system, then start your honeypot, then internet connection, else these ports will be used by net connec tion first, then this honeypot willnot be able to access these ports, hence no information gathering will be possible. image:http://3.bp.blogspot.com/_bujltUQhRY0/TDZPfypnPaI/AAAAAAAAADQ/O68f_6mOYKU/ s640/untitled.bmp Within minutes of intallation of this small honeypot i got the scanning alert so und, when checked these were the UDP packets mainly left over the internet for scanning of hosts. ================================================================================ ============================================ Silence is not our weakness, Its just we dont want to waste our time, Its my way of explanation............... JAI MATA DI Offensive Security 2011