You can install and configure Honeyd in just a few hours if you know the right steps. Here are those steps:
- Set up a hardened (i.e., fully patched) Windows box.
- The Honeyd installation requires a packet-level driver, so download and install WinPcap 3.0 from http://winpcap.polito.it, then reboot.
- Download Honeyd for Windows in compiled (or source code) form from http://www.securityprofiling.com. Unzip the compiled executable package and extract the files and directories. Honeyd will create its own directory and subdirectories. Rename the honeyd-0.5 folder to honeyd for easier command-prompt handling and scripting.
- Go to the command prompt and access the honeyd directory.
- Type the command
honeyd -W
to test that Honeyd is functioning and can identify your network interfaces. If Honeyd errors out, troubleshoot the previous steps. - Configure your routing infrastructure so that the appropriate network traffic gets passed to the honeypot machine.
- Download additional advanced scripts from http://niels.xtdnet.nl/honeyd/contrib.html. Unzip the scripts and place them in the Honeyd scripts folder.
- Download and install Cygwin and the accompanying shell script engine (sh.exe) and Perl script engine (perl.exe) from http://www.cygwin.com. Add the Cygwin binaries path to your system's PATH variable (e.g., C:\cygwin\bin). Alternatively, download and install the Perl script engine from http://www.activestate.com. Add the Perl binary directory (e.g., C:\perl\bin) to your system's PATH variable.
- Test scripts and script engines at the command prompt.
- Read the accompanying honeyd.html file for executable and configuration file syntax.
- Decide how you want to monitor the honeypot. This decision leads directly to how you'll handle alerts and logging.
- Create and configure your Honeyd configuration file. Specifically, you need to perform the following tasks:
- Define your templates (create the template, annotate the personality, bind the personality to template, and bind the IP addresses to the personality).
- Define TCP and UDP ports.
- Define emulation scripts.
- Configure the physical network so that the honeypot gets intended traffic.
- Execute Honeyd. >
4 comments
Hide comments