

What is a honeypot and how to set up a honeypot in Kali Linux


Hello guys,
Welcome to MikeyToTech

In this article I will talk about honeypots: what a honeypot is, how it works, and how we can trace a hacker's activity. I will also set up a basic honeypot in Kali Linux. So, read the complete post to learn about honeypots and how to set one up on your own system.

What is a honeypot?


A honeypot is a computer system that is set up as a decoy to lure cyber attackers and to detect, deflect or study attempts to gain unauthorized access to information systems.
Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site, but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, who are then blocked.

A honeypot is a security resource whose value lies in being probed, attacked or compromised.





Honeypots can be classified based on their deployment (use/action) and on their level of involvement. Based on deployment, honeypots may be classified as:

1. Production honeypots
2. Research honeypots

Production honeypots

Production honeypots are easy to use, capture only limited information, and are used primarily by corporations. An organization places production honeypots inside its production network, alongside its production servers, to improve its overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do.

Research honeypots

Research honeypots are run to gather information about the motives and tactics of the black hat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats that organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.

Creating a basic honeypot

Here, I will make a basic honeypot in Kali Linux using a tool called Pentbox. You can download it from GitHub using git clone or as a zip file.
I am going to clone Pentbox to the Desktop, so I type cd Desktop to change directory and then run git clone <pentbox url>, which clones the tool into the Desktop directory.
After cloning Pentbox, you can see a file named pentbox.rb. Give this file executable permission by running chmod +x pentbox.rb, then type ./pentbox.rb to start the tool, as you can see in the following picture:



After starting the tool, you will see a menu of options. I will use Network tools for the honeypot.

Auto configuration honeypot

Let’s create a honeypot to trace activity on our network. Start Pentbox by running ./pentbox.rb, then press 2 and hit enter to use Network tools. Next, choose the Honeypot option: type 3 and hit enter. It will ask whether you want auto configuration or manual configuration; type 1 and hit enter. Your honeypot is now ready, and you will see the message HONEYPOT ACTIVATED ON PORT 80, as in the following picture:


To check whether it is working, open a browser on another device in your network and type the local IP address of the system where the honeypot is activated (to find the local IP, run ifconfig). I opened a browser on my Windows system and typed the local IP of the Kali Linux system. When you browse to it, your activity is traced on the Kali Linux system: which operating system you are using, which browser and version you are using, and more, as you can see in the following picture:





Manual configuration honeypot

Now, we will configure the honeypot manually. Start Pentbox again, use Network tools and choose the Honeypot option, as we did for the auto configuration honeypot.
It will ask you to select a configuration option. Select manual configuration: type 2 and hit enter. It will then ask which port to open; type the port number you want. I am using port 4444, so I typed 4444 and hit enter.
Next, it will ask for the message to display to the hacker. I typed the message YOU CAN’T HACK ME and hit enter.
Then it will ask whether to save a log file. Enter y if you want to save one, otherwise enter n. I don’t want to save a log file, so I typed n and hit enter.
After that, it will ask whether to activate a beep sound whenever any movement is traced. Enter y if you want it, otherwise enter n.
Now you can see the message HONEYPOT ACTIVATED ON PORT 4444; see the following picture:



To check whether it is working, open the browser again and type the local IP and port [for example 192.168.43.11:4444]. It will display the message you typed for the hacker, and it will also trace the hacker's activity, just as the auto configuration honeypot did.
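
To show what a low-interaction honeypot of this kind does on the wire, here is an added Ruby example (written for this article, not Pentbox's own code): it listens on a port, replies with a fixed message, and logs each visitor's IP, first request line and User-Agent. The function names, the JSON log format and the 2 second / 4 KiB limits are assumptions of this example.

```ruby
require "socket"
require "json"
require "time"

# Handle one connection: record who connected and what they sent first,
# reply with the decoy banner, then hang up. Nothing the peer sends is executed.
def handle_probe(client, banner)
  _family, port, _host, ip = client.peeraddr(false) # false: skip reverse DNS
  raw = String.new
  begin
    # Wait at most 2 s and read at most 4 KiB so a slow or huge probe cannot tie us up.
    raw = client.readpartial(4096) if IO.select([client], nil, nil, 2)
    client.write(banner + "\r\n")
  rescue EOFError, SystemCallError
    # Peer closed or reset the connection; still log the attempt.
  end
  raw = raw.force_encoding("UTF-8").scrub("?") # peer data is untrusted bytes
  {
    time: Time.now.utc.iso8601,
    ip: ip,
    port: port,
    first_line: raw.lines.first.to_s.strip[0, 200],
    user_agent: raw[/^User-Agent:[ \t]*(.+?)\r?$/i, 1]&.slice(0, 200)
  }
ensure
  client.close
end

# Accept max_conns connections, write one JSON line per event, return the events.
# JSON encoding escapes control characters, so a crafted header cannot forge log lines.
def run_honeypot(server, banner, max_conns, log: $stdout)
  Array.new(max_conns) do
    event = handle_probe(server.accept, banner)
    log.puts(JSON.generate(event))
    event
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo on loopback: port 0 lets the OS pick a free port.
  server = TCPServer.new("127.0.0.1", 0)
  worker = Thread.new { run_honeypot(server, "YOU CAN'T HACK ME", 1) }
  probe = TCPSocket.new("127.0.0.1", server.addr[1])
  probe.write("GET / HTTP/1.1\r\nUser-Agent: ExampleBrowser/1.0 (constructed)\r\n\r\n")
  puts "client saw: #{probe.read.strip}"
  worker.join
end
```

Run it only on an isolated, monitored host, and treat everything in the log as attacker-controlled input when you review it.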



I hope you liked this article.
If you have any questions or suggestions, please leave a comment.