Linux Security: HoneyD

[MyWorld]

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.

http://www.honeyd.org/

In plain English?

Honeyd simulates the existence of an array of server and client machines on your network, including typical traffic between them. The phantom machines can be configured to mimic the signature and behavior of real operating systems, which will trick intruders into poking at them — and revealing themselves to your security staff.

http://www.linux.com/learn/tutorials/472795:weekend-project-use-honeyd-on-linux-to-fool-attackers

Seems security is high on the list nowadays with all the hackers running around. In the past you rarely read any of this on the mailing lists and newsletters, but now you read about security tools every second newsletter!

 

[oldhat]

HoneyD development seems to have stopped & last version was released years ago(2007?). Also, it is known to be susceptible to detection via packet fragmentation. May still be usefull though...

 

[MyWorld]

Hmm, did not notice that... should work still though?

 

[Jimmeh]

Sweet. Got potential.

1. Arrive at work early.
2. Start HoneyD
3. Take all available IP's on network
4. lol at panicking IT

 

[warchylde]

Sweet. Got potential.

1. Arrive at work early.
2. Start HoneyD
3. Take all available IP's on network
4. lol at panicking IT

5. Get frog marched from the building.....

Sent from my Desire HD using MyBroadband Android App