Quality Honeypots and Honeynets Links from our Security spam prevention Resources

Alkasis Software - Manufacturer of the PatriotBox HoneyPot server.

An Evening with Berferd - A hacker is lured endured and studied. One of the first examples of a honeypot. First published in 1992.

B.A.S.T.E.D. - A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites.

Back Officer Friendly - Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services such as Telnet FTP SMTP POP3 and IMAP2.

Bubblegum proxypot - An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer.

Building a GenII Honeynet Gateway - This is a short guide to build a GenII Honeynet Gateway also called a Honeywall under Linux broaching the most common problems and providing several solutions and tips.

Deception ToolKit (DTK) - A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.

Deploying and Using Sinkholes - Configuring and deploying Sink Hole Routers which are the network equivalent of a honey pot.

EruditeAegis.net - Papers on Honeypot technology - Connection Redirection Applied to Production Honeypot.

fakeAP - Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers NetStumblers Script Kiddies and other undesirables.

Florida Honeynet Project - The Florida Honeynet Project is a not for profit all volunteer organization dedicated to honeynet research.

GHH - The "Google Hack" Honeypot - GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers but is found through the use of a crawler or search engine.

Honey Web - An Active Server Pages (ASP) compliant web server honey pot that detects common attacks against web servers and logs the requests in a real-time viewer . It can recognize Buffer Overflows Denial of Service attacks Directory Transversal attacks SQL Inject

Honeybee - A tool for semi-automatically creating emulators of network server applications.

Honeycomb -- Automated IDS Signature Creation using Honeypots - A system for automated generation of signatures for network intrusion detection systems (NIDSs).

Honeyd - Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet for network monitoring or as a spam trap. For *BSD GNU/Linux and Solaris.

Honeyd - WikiSecure - Wikisecure's honeyd page that describes the basic functionality and operation with self-explanatory examples.

Honeyd Control Center - Honeyd configuration wizard a SQL Interface and reports.

HoneyNet Project - A community of organizations actively researching developing and deploying Honeynets and sharing the lessons learned.

Honeynet Security Console (HSC) - HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort TCPDump Firewall Syslog and Sebek logs.

Honeynet.BR - Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus) and an OpenBSD LiveCD Honeypot.

Honeynet.org: Tracking Botnets - Paper on the use of honeynets to learn more about botnets. Covers uses of botnets how they work and how to track them.

Honeypot + Honeypot = Honeynet - Article discussing the creation of the Honeynet Project.

Honeypots - Information covering intrusion detection and prevention systems research and production honeypots and incident handling. Also provides general overview of network security issues.

Honeypots: Monitoring and Forensics Project - Techniques tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots apache web server honeypots and VMware honeypot forensics.

Honeypotting with VMware - An article about how to use VMware to produce honeypots to catch system intruders.

Honeypotting: The Complete Documentation - Index of over 75 papers on Honeypots.

Honeywall CDROM - A honeynet gateway on a bootable CDROM.

Impost - Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the com

Installing a Virtual Honeywall using VMware - This paper explains how to go about configuring VMware to deploy a Honeywall combining the advantages offered by the Honeywall CDROM and the virtual environments.

Jackpot Mailswerver - A ready-to-run SMTP relay honeypot written in pure Java.

KeyFocus - KF Sensor - Honey pot IDS - A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans.

Know Your Enemy: GenII Honeynets - An Introduction to second generation honeynets (honeywalls).

Know your Enemy: Phishing - Tracking Botnets with help of Honeynets.

LaBrea Tarpit - A program that creates a tarpit or as some have called it a "sticky honeypot".

MastaHackaWannabeAnalajza - Provides visualization of hack attempts against a honeypot server. Reports include attack intensity over time and attack types. Based on IDS data produced by snort.

mwcollect - A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot however computers running mwcollect cannot actually be infected with the malware.

Project Honey Pot: Distributed Spam Harvester Tracking Network - A free distributed open-source project to help website administrators track stop and prosecute spam harvesters stealing email addresses from their sites.

RedHat Linux 6.2 Honeypot Analysis - Incident analysis for a compromised default honeypot installation of RedHat Linux 6.2. Includes design configuration and log details for the compromised machine.

SécurIT - LogIDS LogAgent SécurIT Intrusion Detection Toolkit and ComLog (a cmd.exe wrapper)

SCADA HoneyNet Project - SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA DCS and PLC architectures).

SecurityDocs - Honeypots - Directory of articles white papers and documents on honeypots and other security topics.

SecurityFocus: Problems and Challenges with Honeypots - Article discussing issues with Honeypot technology focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker.

SecurityFocus: Defeating Honeypots - Network issues Part 1 - Article discussing methods hackers use to detect honeypots.

SecurityFocus: Defeating Honeypots: System Issues Part 1 - This two-part paper discusses how hackers discover interact with and sometimes disable honeypots at the system level and the application layer.

SecurityFocus: Dynamic Honeypots - Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network.

SecurityFocus: Fighting Internet Worms With Honeypots - This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks.

Securityfocus: Fighting Spammers With Honeypots - This paper evaluates the usefulness of using honeypots to fight spammers.

SecurityFocus: Honeypot Farms - This article is about deploying and managing honeypots in large distributed environments through the use of Honeypot Farms.

SecurityFocus: Honeytokens -The Other Honeypot - This paper discusses honeytokens honeypots that are not computers but rather digital entities that are stored in a restricted part of the network.

SecurityFocus: Microsoft looks to "monkeys" to find Web threats - Article discussing how Microsoft have developed a series of Windows XP clients dubbed "honeymonkeys" that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users.

SecurityFocus: Wireless Honeypots - Article discussing the use of honeypot technology to combat attacks on wireless networks.

SmokeDetector Honeypot - Low-interaction honeypot appliance.

Sombria Honeypot System - A honeypot system and "Honeypot Exchange Program."

SourceForge.net: Project - HoneyView - A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.

Spampoison - Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots.

Spanish Honeynet Project - Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies.

spank - A collection of programs to deploy run and analyse network and host simulations in IP networks.

Talisker Honeypots - Web page summarizing different commercial and freeware honeypots.

The Bait and Switch Honeypot System - A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched the would-be hacker is unknowingly attacking your honeypot instead of the real data.

The Distributed Honeypot Project - The goal of this project is to organize dispersed honeypots across the Internet and share findings with the security community.

The Strider HoneyMonkey Project - Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.

The Team Cymru Darknet Project - A Darknet is a portion of routed allocated IP space in which no active services or servers seemingly reside. However there is in fact include at least one server for real-time analysis or post-event network forensics.

thp - Tiny Honeypot - A simple honey pot program based on iptables redirects and an xinetd listener.

Virutal Honeynet: Deploying Honeywall using VMware - Information on deploying a Virtual Honeynet based on Honeywall using VMware.

WebMaven (Buggy Bank) - WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool as a basic benchmark platform to test web application security scanners and as a Honeypot.