
Honeyd 1.5b


Developer:   Niels Provos
Price:  0.00
License:   GPL (GNU General Public License)
File size:   861K


The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation.

Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.
It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.

annotate "AIX 4.0 - 4.2" fragment old
# Example of a simple host template and its binding
create template
set template personality "AIX 4.0 - 4.2"
add template tcp port 80 "sh scripts/web.sh"
add template tcp port 22 "sh scripts/test.sh $ipsrc $dport"
add template tcp port 23 proxy 10.23.1.2:23
set template default tcp action reset

bind 10.21.19.102 template

The different TCP personalities are learned from reading an nmap fingerprint file. The configured personality is the operating system that nmap or xprobe will return. Personalities can be annotated to determine whether they allow FIN-scans for open ports or to select the preference in which they reassemble fragmented IP packets.

Honeyd can be used to create a virtual honey net or for general network monitoring. It supports the creation of a virtual network topology including dedicated routes and routers. The routes can be attributed with latency and packet loss to make the topology seem more realistic.
Because Honeyd interacts with potentially malicious adversaries, you should sandbox it with Systrace. Systrace prevents an adversary from exploiting bugs in your Honeyd scripts.

Subsystem Virtualization

Honeyd supports service virtualization by executing Unix applications as subsystems running in the virtual IP address space of a configured honeypot. This allows any network application to dynamically bind ports and create TCP and UDP connections using a virtual IP address.
Subsystems are virtualized by intercepting their network requests and redirecting them to Honeyd. Every configuration template may contain subsystems that are started as separate processes when the template is bound to a virtual IP address. An additional benefit of this approach is the ability of honeypots to create sporadic background traffic, such as requesting web pages and reading email.

Network Simulation/Internet-In-The-Box

Honeyd supports asymmetric routes and the integration of physical machines into the virtual network topology. As a result, it is possible to use Honeyd for simple network simulations: physical hosts can be exposed to high latency or packet loss, arbitrary routing infrastructures, etc.

route entry 10.0.0.1 network 10.0.0.0/8
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.4.0.0/14 tunnel "thishost" "honeyd-b"
route 10.0.0.1 add net 10.1.0.0/16 10.1.0.1 latency 55ms loss 0.1
route 10.0.0.1 add net 10.2.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.0.0.1 add net 10.3.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.1.0.1 link 10.1.0.0/24
route 10.2.0.1 link 10.2.0.0/24
[...]
route 10.2.0.1 add net 10.3.0.0/16 10.3.0.1 latency 10ms loss 0.1
route 10.3.0.1 link 10.3.0.0/24
route 10.3.0.1 add net 10.3.1.1/24 10.3.1.1 latency 10ms
route 10.3.0.1 add net 10.3.240.0/20 10.3.240.1 latency 5ms
route 10.3.1.1 link 10.3.1.1/24
route 10.3.240.1 link 10.3.240.0/20
route 10.3.240.1 add net 0.0.0.0/0 10.3.0.1 latency 40ms loss 0.5
[...]
bind 10.2.0.243 to fxp0
bind 10.3.1.15 to fxp0

Using GRE tunneling allows the creation of distributed setups that allow Honeyd to scale to larger networks. It also allows virtual machines to be spread across separate address spaces as GRE tunnel selection can be based on the source addresses.
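To check a topology like the one above before deploying it, the following added example (not part of Honeyd or of the original page) walks the `route` lines from the entry router to a destination and reports the router hops a traceroute should show, the summed latency, and the per-hop loss values as written. The names `parse` and `trace` are hypothetical, and picking the most specific matching `add net` entry at each router is an assumption about how the lookup works.

```python
import ipaddress
import re

# Route lines from the topology on this page; "[...]" gaps and the tunnel route are left out.
CONFIG = """\
route entry 10.0.0.1 network 10.0.0.0/8
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.1.0.0/16 10.1.0.1 latency 55ms loss 0.1
route 10.0.0.1 add net 10.2.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.0.0.1 add net 10.3.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.1.0.1 link 10.1.0.0/24
route 10.2.0.1 link 10.2.0.0/24
route 10.2.0.1 add net 10.3.0.0/16 10.3.0.1 latency 10ms loss 0.1
route 10.3.0.1 link 10.3.0.0/24
route 10.3.0.1 add net 10.3.1.1/24 10.3.1.1 latency 10ms
route 10.3.0.1 add net 10.3.240.0/20 10.3.240.1 latency 5ms
route 10.3.1.1 link 10.3.1.1/24
route 10.3.240.1 link 10.3.240.0/20
route 10.3.240.1 add net 0.0.0.0/0 10.3.0.1 latency 40ms loss 0.5
"""

ADD = re.compile(r"route (\S+) add net (\S+) (\d\S*)(?: latency (\d+)ms)?(?: loss (\S+))?$")
LINK = re.compile(r"route (\S+) link (\S+)$")

def parse(text):
    entry, links, nets = None, {}, {}
    for line in text.splitlines():
        if line.startswith("route entry "):
            entry = line.split()[2]
        elif m := LINK.match(line):  # networks directly reachable from this router
            links.setdefault(m[1], []).append(ipaddress.ip_network(m[2], strict=False))
        elif m := ADD.match(line):   # network reachable via a next-hop router
            net = ipaddress.ip_network(m[2], strict=False)
            nets.setdefault(m[1], []).append((net, m[3], int(m[4] or 0), m[5]))
    return entry, links, nets

def trace(text, dst):
    """Return (router hops, total latency in ms, per-hop loss values), or None."""
    entry, links, nets = parse(text)
    dst, router, hops, latency, losses = ipaddress.ip_address(dst), entry, [entry], 0, []
    while not any(dst in n for n in links.get(router, [])):
        cands = [r for r in nets.get(router, []) if dst in r[0]]
        if not cands or len(hops) > 32:
            return None  # no route from this router, or a routing loop in the config
        _, router, ms, loss = max(cands, key=lambda r: r[0].prefixlen)  # assumed longest-prefix match
        hops.append(router)
        latency += ms
        losses += [loss] if loss else []
    return hops, latency, losses
```

For the bound host 10.3.1.15 this yields four router hops and 40 ms of configured latency; a destination that only the omitted tunnel route would cover, such as 10.4.0.1, returns `None`.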

Requirements:
  • libevent - an asynchronous event library.
  • libdnet - the [not so] dumb network library.
  • libpcap - a packet capture library.

What's New in This Release:
  • A crash in the ARP handling code was fixed.
  • The default actions for UDP packets were fixed.

Download Honeyd 1.5b:
http://www.citi.umich.edu/u/provos/honeyd/honeyd-1.5b.tar.gz

