-
Notifications
You must be signed in to change notification settings - Fork 15
/
README
49 lines (39 loc) · 2.11 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
README
Honeytrap is a network security tool written to observe attacks
against TCP or UDP services. It runs as a daemon and starts serv-
er processes dynamically on requested ports. A server emulates a
well-known service by simply sending captured network traffic to
a connected host.
Many clients and particularly attackers will be fooled and send
responses to a honeytrap server process. The arriving data is as-
sembled to a string and written to a database file. Such a string
is called an attack string.
Honeytrap can parse an attack string for commands advising the
server to download a file from another host. If a download com-
mand is found, the server tries to retrieve the corresponding
file automatically. A downloaded file is stored locally with an
md5 checksum in its name. Currently, only ftp and tftp are sup-
ported. Honeytrap implements its own clients with the aim to be-
have as similar as possible than Windows systems. Http URIs are
recognized and logged. A http download routine may be added in
future releases.
INSTALLATION
Installation of honeytrap is pretty straight forward. Just do a
'./configure --with-stream-mon=<type> && make && make install'
where '<type>' is the connection monitor type of your choice.
Please refer to the INSTALL file and to the output of './config-
ure --help' for further information.
WARNINGS
Honeytrap is a low-interactive honeypot and therefore detectable.
It is written in C and thus potentially vulnerable to buffer
overflow attacks. Take care. Running in mirror mode is dangerous.
Attacks may be directed to the attacker, appearing to come from
your system. Use with caution.
The program needs root privileges, but only for binding server
processes to well-known ports. Use the -u and -g command line op-
tions to drop privileges and switch to another user and group as
early as possible.
CONTACT
If you have problems, questions, ideas or suggestions, please
contact me at <tillmann.werner@gmx.de>. If you would like to help
making honeytrap better, you are welcome.