Potting the HoneyPot #1

This post is closely related to the previous one, Malware Hunting.

As mentioned earlier, there is a strong need for automated collection technology, such as generic Malware Collectors and HoneyPots.

In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated, (un)protected and monitored, and which seems to contain information or a resource that would be of value to attackers. A honeypot that masquerades as an open proxy is known as a sugarcane.

It’s necessary to distinguish between the various kinds of HoneyPots; here we’re interested in the Malware Collectors:

MultiPot: the easiest and smallest HoneyPot.

MwCollect

Nepenthes

Argos: a full and secure system emulator designed for use in honeypots. It is based on Qemu, an open source emulator that uses dynamic translation to achieve a fairly good emulation speed.

Honeyd: a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.

HoneyBOT: a Windows-based medium-interaction honeypot solution. It has strong support for malicious uploads, so it can be used for Malware Collection.

There are also many HoneyPot projects developed by various organizations that belong to a larger common project, the HoneyNet Alliance.

In my experience I’ve seen that the most flexible and powerful HoneyPot Framework is Honeyd. It can be used in different areas of system security: Network Decoys and, the most interesting (for me), Detecting and Collecting Worms.
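To make the Honeyd description above concrete, here is a small configuration written for this page as an added example (it is not from the original post or from the Honeyd project). The template names, the 192.0.2.x addresses and the script path are assumptions chosen for illustration.

```conf
# Constructed example. Template names, addresses and the script path
# are assumptions; adapt them to the monitored network segment.

# Catch-all template: addresses with no explicit binding stay silent.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

# Virtual host 1: answers fingerprinting probes like a Windows XP workstation.
# Unlisted ports reply with RST, so the host looks alive but closed.
create winxp
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp uptime 1728650
set winxp default tcp action reset
set winxp default udp action reset
set winxp default icmp action open
# Ports that worms commonly probe are left open so connection
# attempts are accepted and show up in the Honeyd log.
add winxp tcp port 135 open
add winxp tcp port 139 open
add winxp tcp port 445 open

# Virtual host 2: answers like a Linux web server and hands port 80
# to an emulation script (hypothetical path, relative to Honeyd's
# working directory).
create linuxweb
set linuxweb personality "Linux 2.4.20"
set linuxweb default tcp action reset
add linuxweb tcp port 80 "sh scripts/web.sh"

# Attach each template to an unused address on the monitored network.
bind 192.0.2.10 winxp
bind 192.0.2.11 linuxweb
```

Each personality string has to match an entry in the Nmap fingerprint file that Honeyd loads, otherwise the template falls back to the default stack behaviour. Any traffic reaching these addresses is unsolicited by construction, which is what makes the log useful for worm detection.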

One Response to Potting the HoneyPot #1

  1. Thanks for information.
    many interesting things
    Celpjefscylc
