unhappyghost

#HONEYPOTS

Jul 23rd, 2013
----------------------------------------------------------
#HONEYD - (OPEN SOURCE HONEYPOT SOFTWARE)
----------------------------------------------------------

What is a honeypot?
---------------------
A honeypot is a system that acts as a potential target for an attacker. The system itself is of no real value to its operator: no valuable information or important services are located on that machine; it is quite the opposite. None of the services running on a honeypot are used in the productive environment. The services are not advertised, so there should be no productive traffic heading for these systems. Because of this, all traffic heading for and reaching a honeypot is of potential value and should be analyzed. A honeypot does not have to deal with false positives the way an #intrusion_detection_system does, because there simply are none: all traffic is suspicious, as there should be no traffic at all. Nobody knows of the system, no productive services are running on it, and the system is not involved in any "normal" activity.


TWO HONEYPOT CATEGORIES
-------------------------------------
Two categories of honeypots have evolved: research honeypots and productive honeypots.

Research honeypots are used mainly for research activities such as detecting new kinds of attacks, retrieving new hacker tools, or getting to know the attackers better: their background, activities and goals. Research honeypots are valuable for developing new IDS signatures, analyzing new attack tools, or detecting new ways of hidden communication or distributed #denial_of_service (#DDoS) tools. Research honeypots normally have extensive logging capabilities so that a hacker's activity can be recorded once the attack has started or he has gained root access.

The other category, the productive honeypots, are mostly used to distract an attacker from the real targets. The honeypot is used as bait to bind his attack attempts to the unproductive honeypot for as long as possible, in order to gain time and protect the productive environment in the meantime. A productive honeypot is primarily not interested in gaining new knowledge about the #blackhat community; its main interest is the protection of the real servers. Productive honeypots are sometimes also used to gather enough evidence for a successful prosecution of a hacker, but this application is still controversial and the legal side of such procedures is also not clear.

Level of Involvement
------------------------
Besides the two usage categories of honeypots we have already seen, there are also three different technical implementations of honeypots. The essential factor distinguishing them is the "level of involvement". A honeypot pretends to be an original server to the hacker: it offers certain services on different ports and could have certain #vulnerabilities.

Depending on the usage of a honeypot, having real services on that machine is not always desired or needed. It can be enough to have a simple listener bound to a port which just writes all incoming packets to a file and never answers the received requests. For catching an infected MS IIS server this is enough; no real IIS server is needed. On the other hand, to study a hacker's social network and ways of communicating it could be necessary to "offer a real shell" and allow the attacker to gain #root privilege. Once a hacker is root on a system it can be very interesting to see what he is going to do and what he needs his newly gained system for. These different honeypots can be described by their level of involvement:

- Low involvement: They listen on a certain port for incoming connections. All packets are logged. No answer to the request is sent. Low involvement honeypots have no interaction with the attacker. No traffic ever leaves the honeypot; it is a simple logging machine.

- Mid involvement: Mid involvement honeypots also listen on different ports, but in contrast to low involvement honeypots they send information back to the attacker. A request is answered and the attacker has the possibility to issue commands. Normally, mid involvement honeypots do not use real daemons; instead, scripts or small programs are used to imitate the behavior of a service. The provided functionality depends on the script; in most cases the provided commands are very limited. The big advantage of using such scripts is their logging capabilities and the avoidance of possible vulnerabilities in real services.

- High involvement: High involvement honeypots are the most advanced honeypots. They use real daemons and provide the full set of functionality. An attacker can do whatever he could do to a productive system: no limitations in functionality, vulnerability or behavior. Unfortunately, logging all attempts in high detail is not always easy, and the risk of a compromise grows. Mostly, high involvement honeypots are used when a compromise of the system is desired.


HONEYD - A #VIRTUAL HONEYPOT
---------------------------------------
Honeyd is a freely available #framework for setting up virtual honeypots. With honeyd it is possible to set up honeypots with different personalities and services on one machine. Honeyd emulates the IP stacks of different operating systems and binds a certain script to a desired port to emulate a specific service. Honeyd is able to fool network fingerprinting tools into thinking they are dealing with a real operating system, ranging from a Windows NT box to an AIX box. Even the IP stacks of different routers can be emulated. Honeyd relies on the #nmap fingerprint file, which is used to characterize different kinds of operating systems and their IP stacks. Before honeyd inserts a packet into the IP stream, the personality of the packet is adjusted according to the desired operating system and the corresponding TCP/IP flags. With honeyd it is even possible to emulate complex network architectures and their characteristics. A virtual routing topology can be defined, including different types of routers, the latency of the network connections as well as the packet loss. When tools are used to map the network (like #traceroute), the network traffic appears to follow the configured routers and network connections.
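As an added example (not part of the original post, and not a file from the honeyd distribution), here is a honeyd.conf of the kind the paragraph describes: a small virtual routing topology with latency and packet loss on one link, a router template for the hops that traceroute will see, and a host template with scripted services and a closed-port policy. The personality strings are placeholders and must be replaced by exact names from the nmap.prints file honeyd is started with; the script paths and the addresses are assumed.

```conf
# Added example honeyd.conf (not from the original post).
# Personality strings below are placeholders: they must match an entry
# in the nmap fingerprint file honeyd loads, character for character.

### Virtual routing topology: an entry router with one directly attached
### LAN, plus a second subnet behind another router reached over a link
### that adds 55 ms of latency and drops 0.1% of packets.
route entry 10.0.0.1 network 10.0.0.0/16
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.1.0.0/16 10.1.0.1 latency 55ms loss 0.1
route 10.1.0.1 link 10.1.0.0/24

### Router template: answers for both hop addresses so traceroute
### shows the configured path; only a scripted telnet service is offered.
create router
set router personality "ROUTER-PERSONALITY-FROM-nmap.prints"
set router default tcp action reset
set router default udp action reset
add router tcp port 23 "sh scripts/router-telnet.sh"
bind 10.0.0.1 router
bind 10.1.0.1 router

### Mid-involvement Windows host: scripted SMTP and HTTP, every other
### TCP/UDP port answers with a reset like a real closed port, ICMP open.
create windows
set windows personality "WINDOWS-PERSONALITY-FROM-nmap.prints"
set windows default tcp action reset
set windows default udp action reset
set windows default icmp action open
set windows uptime 3284460
add windows tcp port 25 "python3 scripts/smtp.py"
add windows tcp port 80 "sh scripts/web.sh"
bind 10.0.0.20 windows
bind 10.1.0.20 windows
```

Honeyd has to be told which addresses it answers for, e.g. `honeyd -f honeyd.conf -i eth0 10.0.0.0/16` together with an ARP responder such as farpd for the same range (invocation assumed from the honeyd documentation, not from the post); the bound addresses must be unused on that network, otherwise the real host and the honeypot will fight over them.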

The setup of a virtual machine is very easy. A configuration file is used to tell honeyd what kind of operating system is required, how to respond on the closed ports and what kind of services are listening on which ports. Honeyd is capable of binding scripts to the network #ports. The scripts can be standard shell scripts which simulate certain services. Most scripts are built as state machines, where a command triggers a certain response and advances the script to a new state with new possibilities. Scripts for the most popular well-known services like #SMTP, #HTTP and #telnet are available at several locations on the Internet.
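To show what the "mid involvement" description above and the state-machine scripts of this paragraph look like in practice, here is an added example of an SMTP emulation script written the way a honeyd service script is driven: honeyd connects the attacker's TCP stream to the script's stdin and stdout, the script answers a small fixed command set with canned replies, refuses commands issued out of order, swallows message bodies, and logs every line it receives. This is my own illustration, not a script from the original post or from the honeyd project; the banner host name, the reply texts and the `HONEYD_IP_SRC` environment variable used for the peer address are assumptions.

```python
#!/usr/bin/env python3
"""Mid-involvement SMTP emulation in the style of a honeyd service script
(added example, not from the original post or the honeyd project).

honeyd hands the attacker's TCP stream to the script on stdin/stdout, so
the service is just a state machine: each command gets a canned reply and
may advance the state. No real mail daemon is involved, so hostile input
never reaches real SMTP parsing code, and every received line is logged."""
import os
import sys
import time

# Constructed banner; the host name is a placeholder, not a real server.
BANNER = "220 mail.example.test ESMTP ready"

# state -> {verb: (reply, next_state)}; a known verb missing from the
# current state's table is "out of order" and gets a 503.
TRANSITIONS = {
    "INIT": {"HELO": ("250 mail.example.test Hello", "HELO"),
             "EHLO": ("250 mail.example.test Hello", "HELO")},
    "HELO": {"MAIL": ("250 2.1.0 Sender ok", "MAIL")},
    "MAIL": {"RCPT": ("250 2.1.5 Recipient ok", "RCPT")},
    "RCPT": {"RCPT": ("250 2.1.5 Recipient ok", "RCPT"),
             "DATA": ('354 Enter mail, end with "." on a line by itself', "DATA")},
}
SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA"}
# Verbs answered in any state without changing it.
STATELESS = {"NOOP": "250 2.0.0 OK",
             "HELP": "214 2.0.0 Commands: HELO MAIL RCPT DATA QUIT"}


def step(state, line):
    """Return (reply, next_state) for one client line. reply is None for
    message-body lines, which are swallowed without a response."""
    text = line.rstrip("\r\n")
    if state == "DATA":
        if text == ".":
            return "250 2.0.0 Message accepted for delivery", "HELO"
        return None, "DATA"
    verb = text.split(" ", 1)[0].upper()
    if verb == "QUIT":
        return "221 2.0.0 Closing connection", "CLOSED"
    if verb == "RSET":
        return "250 2.0.0 Reset state", "INIT" if state == "INIT" else "HELO"
    if verb in STATELESS:
        return STATELESS[verb], state
    transition = TRANSITIONS.get(state, {}).get(verb)
    if transition is not None:
        return transition
    if verb in SMTP_VERBS:
        return "503 5.5.1 Bad sequence of commands", state
    return "500 5.5.1 Command unrecognized", state


def run_session(lines, peer="unknown", log=None, send=None):
    """Drive the state machine over an iterable of client lines.
    Returns the list of replies; every received line is appended to `log`
    as (unix_time, peer, line) whether or not it was understood. `send`,
    if given, is called with each reply as it is produced."""
    state, replies = "INIT", []
    for line in lines:
        if log is not None:
            log.append((time.time(), peer, line.rstrip("\r\n")))
        reply, state = step(state, line)
        if reply is not None:
            replies.append(reply)
            if send is not None:
                send(reply)
        if state == "CLOSED":
            break
    return replies


def main():
    # Assumption: honeyd exports the connecting address as HONEYD_IP_SRC.
    peer = os.environ.get("HONEYD_IP_SRC", "unknown")

    def send(reply):
        sys.stdout.write(reply + "\r\n")
        sys.stdout.flush()

    log = []
    send(BANNER)
    run_session(sys.stdin, peer=peer, log=log, send=send)
    # Real deployments append to a log file; stderr keeps the example self-contained.
    for ts, src, text in log:
        sys.stderr.write("%d %s smtp %r\n" % (ts, src, text))


if __name__ == "__main__":
    main()
```

The session ends at QUIT and nothing after it is processed, which is the behaviour to assert on when testing such a script; the log records what was typed even when the reply was a 500, since unrecognized commands are often the most interesting part of a capture.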

Read more on: http://www.cyberclaws.in/honeypots/
#UnhappyGhost


##############################################################
# ṲИℋÅℙℙУḠ♓☮$✝ #
##############################################################
|| Website --------> http://unhappyghost.com/ ||
|| Facebook -------> https://www.facebook.com/unhappygh0st ||
|| FB Page --------> https://www.facebook.com/geeksch00l ||
|| Twitter --------> https://twitter.com/unhappygh0st ||
|| Google+ --------> http://goo.gl/WCHeJR ||
|| Youtube --------> http://goo.gl/A3mQIE ||
|| IPv6 Vids ------> http://goo.gl/Rbcxk ||
|| IPv6 Event -----> http://goo.gl/TaeXv ||
##############################################################