Honeypot
Honeypots are devices or systems deployed to trap attackers attempting to gain unauthorized access to a system or network. They are deployed in an isolated environment and monitored.
Typically, honeypots are deployed in the DMZ and configured identically to a server. Because honeypots appear to be a legitimate part of the network, any probe, malware or infection that reaches them is detected immediately.
Types Of Honeypots
1. High-Interaction Honeypots
High-Interaction Honeypots are configured with a variety of services, which are enabled to waste the attacker's time and to gain more information from the intrusion.
Multiple honeypots can be deployed on a single physical machine, so that they can be restored even if an attacker compromises them.
2. Low-Interaction Honeypots
Low-Interaction Honeypots are configured to entertain only the services that are commonly requested by users.
Response time, lower complexity and few resources make Low-Interaction Honeypots easier to deploy than High-Interaction Honeypots.
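A low-interaction honeypot as described above, as an added example (not code from the original article or from any of the tools it names): it emulates a single service banner on one port and records every connection as an alert, since no legitimate user has a reason to contact it. The banner text, class name and event fields are assumptions made for illustration.

```python
import json
import socket
import threading
import time

# Constructed banner for the emulated service (assumption, not from the page).
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"


class LowInteractionHoneypot:
    """Emulates one service banner; every connection is recorded as an alert."""

    def __init__(self, host="127.0.0.1", port=0, banner=FAKE_BANNER):
        self.banner = banner
        self.events = []                      # alerts, one dict per connection
        self._stop = threading.Event()
        self._sock = socket.create_server((host, port))  # port 0 = OS picks one
        self._sock.settimeout(0.2)            # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]

    def start(self):
        threading.Thread(target=self._serve, daemon=True).start()

    def stop(self):
        self._stop.set()

    def _serve(self):
        with self._sock:
            while not self._stop.is_set():
                try:
                    # Returns a connection whose TCP handshake is already done.
                    conn, peer = self._sock.accept()
                except socket.timeout:
                    continue
                threading.Thread(target=self._handle, args=(conn, peer),
                                 daemon=True).start()

    def _handle(self, conn, peer):
        data = b""
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(self.banner)
                data = conn.recv(1024)        # capture only the first bytes sent
            except OSError:
                pass
        event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
                 "dst_port": self.port, "first_bytes": data.decode("latin-1")}
        self.events.append(event)             # list.append is atomic in CPython
        print(json.dumps(event))              # one JSON line per alert
```

Each JSON line can be forwarded to whatever monitoring watches the isolated segment; the honeypot itself never executes or interprets what the client sends.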
Detecting Honeypots
The basic logic of detecting a honeypot in a network is to probe its services. The attacker usually crafts a malicious packet to scan the system for running services and for open and closed ports.
These services may be HTTPS, SMTPS, IMAPS or others. Once the attacker has extracted this information, it can attempt to establish a connection: an actual server will complete the three-way handshake, whereas a denied handshake indicates the presence of a honeypot. Tools such as Send-Safe Honeypot Hunter, Nessus and Hping can be used to detect honeypots.
Honeypot Tools
KFSensor
KFSensor is a host-based intrusion detection system that acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and Trojans.
SPECTER
SPECTER is a smart honeypot-based intrusion detection system that offers common Internet services such as SMTP, FTP, POP3, HTTP and TELNET, which appear perfectly normal to attackers but are in fact traps.
Honeypot Tool for Mobile:
HosTaGe
HosTaGe is a generic honeypot for mobile devices that aims at the detection of malicious wireless network environments.
As most malware propagates over the network via specific protocols, a low-interaction honeypot located on a mobile device can check wireless networks for actively propagating malware.
Originally published at https://exploitbyte.com on November 4, 2019.