virtual honeypots
C Python Perl Shell C++ Tcl Other

Merge pull request #88 from aleno/master

Fix null dereference of pointers
latest commit a0f3d64834
@awaldow awaldow authored
compat Fixed compiler warnings in sha1.h on non-OpenBSD systems
debian DEBIAN: Bump debian package version
doc Update example config files to use 'closed' instead of 'block' termin…
dpkt Fix double directory structure by moving files up a folder
os-test OSTEST: Use the -p flag to set honeyd to same fingerprints file as os…
pypcap PYPCAP: Rebuild the pyx file with new version of pyrexc so it works w…
regress Additional changes to port terminology update
sample-config Update example config files to use 'closed' instead of 'block' termin…
scripts Fix script alert not working on the telnet script because of invalid …
subsystems
webserver Remove references to update.c vars in the python extension code
.gitignore Fix bug where InitializeDb had to be called twice before database cam…
ChangeLog Fix double directory structure by moving files up a folder
LICENSE Fix double directory structure by moving files up a folder
Makefile.am Create init.py script for db, make sure ~/.config/honey exists, call …
README BUILD: Bump version to 1.6d for tagging
analyze.c Fix for memory leaks in repeated libevent timers
analyze.h Fix double directory structure by moving files up a folder
arp.c Merge branch 'integration' of ssh://helios/home/git/repositories/hone…
arp.h Merge branch 'integration' of ssh://helios/home/git/repositories/hone…
atomicio.c Fix double directory structure by moving files up a folder
autogen.sh Fix double directory structure by moving files up a folder
command.c Fix segfault if using proxy feature in honeyd
condition.c Fix double directory structure by moving files up a folder
condition.h Fix double directory structure by moving files up a folder
config.c Fix bug where honeyd was trying to ARP for the interface bcast addresses
config.ethernet Change terminology of port behavior from "reset, block" to "closed, f…
config.sample Change terminology of port behavior from "reset, block" to "closed, f…
configure BUILD: Bump version to 1.6d for tagging
configure.in BUILD: Bump version to 1.6d for tagging
daemon.c Fix double directory structure by moving files up a folder
debug.h Fix double directory structure by moving files up a folder
dhcpclient.c More work on getting DHCP renewals to work properly
dhcpclient.h
err.c Swapped out err and errx function calls with syslog calls
ethernet.c replaced err() and errx() with syslog
ethernet.h Changed install location of mac file and CLI arguments
fdpass.c Fix for merge errors and compiler warnings
fdpass.h Fix for merge errors and compiler warnings
filter.c Finished copying the MAC prefix file to honeyd added
filter.h
generateDebs DEB: Update package version number
generate_assoc.py Fix double directory structure by moving files up a folder
getopt_long.c Fix double directory structure by moving files up a folder
gre.c Fix double directory structure by moving files up a folder
gre.h Fix double directory structure by moving files up a folder
histogram.c Fix for memory leaks in repeated libevent timers
histogram.h Fix double directory structure by moving files up a folder
honeyd.8 Fix man page for broadcast entry format
honeyd.c Fix null dereference of pointers
honeyd.h Add ability to have honeypots do periodic UDP broadcasts
honeyd_overload.c replaced err() and errx() with syslog
honeyd_overload.h Fix double directory structure by moving files up a folder
honeydctl.1 Fix double directory structure by moving files up a folder
honeydctl.c replaced err() and errx() with syslog
honeydstats.c Updated deprecated libevent 1.0 calls to libevent 2.x
honeydstats.h Updated deprecated libevent 1.0 calls to libevent 2.x
honeydstats_main.c Merge branch 'integration' of ssh://helios/home/git/repositories/hone…
hooks.c Finished copying the MAC prefix file to honeyd added
hooks.h Fix double directory structure by moving files up a folder
hsniff.c Fixed merge conflicts within hsniff.c
hsniff.h Updated deprecated libevent 1.0 calls to libevent 2.x
install-sh Fix double directory structure by moving files up a folder
interface.c Fix bug where honeyd was trying to ARP for the interface bcast addresses
interface.h Fix bug where honeyd was trying to ARP for the interface bcast addresses
ipfrag.c Updated deprecated libevent 1.0 calls to libevent 2.x
ipfrag.h Updated deprecated libevent 1.0 calls to libevent 2.x
keycount.c Finished copying the MAC prefix file to honeyd added
keycount.h Fix double directory structure by moving files up a folder
lex.c Add ability to have honeypots do periodic UDP broadcasts
lex.l
log.c replaced err() and errx() with syslog
log.h Fix double directory structure by moving files up a folder
ltmain.sh Fix double directory structure by moving files up a folder
missing Fix double directory structure by moving files up a folder
mkinstalldirs Fix double directory structure by moving files up a folder
network.c fixed syslog errors
network.h Fix double directory structure by moving files up a folder
nmap-mac-prefixes Added nmap-mac-prefixes to the makefile install
nmap-os-db Update nmap-os-db and nmap-assoc files to newest versions
nmap.assoc Update nmap-os-db and nmap-assoc files to newest versions
osfp.c Updated deprecated libevent 1.0 calls to libevent 2.x
osfp.h Updated deprecated libevent 1.0 calls to libevent 2.x
parse.c Add ability to have honeypots do periodic UDP broadcasts
parse.h Add ability to have honeypots do periodic UDP broadcasts
parse.y Add ability to have honeypots do periodic UDP broadcasts
parser.h
personality.c Fix for memory leaks in repeated libevent timers
personality.h Ignore the "Match Points" section of nmap-os-db when parsing it
pf.os Fix double directory structure by moving files up a folder
pf_osfp.c Fixes for many compiler warnings
pfctl_osfp.c replaced err() and errx() with syslog
pfvar.h Fix double directory structure by moving files up a folder
plugins.c Fix double directory structure by moving files up a folder
plugins.h Fix double directory structure by moving files up a folder
plugins_config.c Finished copying the MAC prefix file to honeyd added
plugins_config.h Fix double directory structure by moving files up a folder
pool.c Finished copying the MAC prefix file to honeyd added
pool.h Finished copying the MAC prefix file to honeyd added
pydatahoneyd.c Updated deprecated libevent 1.0 calls to libevent 2.x
pydatahoneyd.h Fix double directory structure by moving files up a folder
pydataprocessing.c pydataprocessing.c error on Compiling
pydataprocessing.h Fix double directory structure by moving files up a folder
pyextend.c Merge branch 'integration' of ssh://helios/home/git/repositories/hone…
pyextend.h Fix double directory structure by moving files up a folder
router.c fixed syslog errors
router.h Fix double directory structure by moving files up a folder
rrdtool.c Updated deprecated libevent 1.0 calls to libevent 2.x
rrdtool.h Updated deprecated libevent 1.0 calls to libevent 2.x
sha1.c Fix double directory structure by moving files up a folder
stamp-h.in
stats.c Fix for merge errors and compiler warnings
stats.h Updated deprecated libevent 1.0 calls to libevent 2.x
strlcat.c Fix double directory structure by moving files up a folder
strlcpy.c Fix double directory structure by moving files up a folder
strsep.c Fix double directory structure by moving files up a folder
subsystem.c Pass a HONEYD_INTERFACE variable to honeypot scripts (eg, "eth0")
subsystem.h Replace few magic numbers with macros and some confusing function names
tagging.c Updated deprecated libevent 1.0 calls to libevent 2.x
tagging.h Remove hardcoded libevent code, replace with calls to actual libevent
tcp.c Updated deprecated libevent 1.0 calls to libevent 2.x
tcp.h Fix double directory structure by moving files up a folder
template.h Add ability to have honeypots do periodic UDP broadcasts
udp.c Updated deprecated libevent 1.0 calls to libevent 2.x
udp.h Fix double directory structure by moving files up a folder
ui.c Pass a HONEYD_INTERFACE variable to honeypot scripts (eg, "eth0")
ui.h Updated deprecated libevent 1.0 calls to libevent 2.x
untagging.c Updated deprecated libevent 1.0 calls to libevent 2.x
untagging.h Remove hardcoded libevent code, replace with calls to actual libevent
util.c Finished copying the MAC prefix file to honeyd added
util.h Fixes for many compiler warnings
xprobe2.conf Fix double directory structure by moving files up a folder
xprobe_assoc.c Fix double directory structure by moving files up a folder
xprobe_assoc.h

README

Honeyd 1.6d
Copyright (c) 2002 - 2007 Niels Provos <provos@citi.umich.edu>
-------------------------------------------------------------------------

About Honeyd:
-------------

Honeyd is a small daemon that creates virtual hosts on a network.  The
hosts can be configured to run arbitrary services, and their TCP
personality can be adapted so that they appear to be running certain
versions of operating systems.  Honeyd enables a single host to claim
multiple addresses - I have tested up to 65536 - on a LAN for network
simulation.

It is possible to ping the virtual machines, or to traceroute them.
Any type of service on the virtual machine can be simulated according
to a simple configuration file.  Instead of simulating a service, it
is also possible to proxy it to another machine.

Installation:
-------------

Honeyd depends on several libraries:

 - libevent  - event notification
 - libdnet   - packet creation
 - libpcap   - packet sniffing
 - libpcre   - perl regular expression library (optional; for subsystems)

Make sure that you have them installed.



To install dependencies in Ubuntu:

$ sudo apt-get install libevent-dev libdumbnet-dev libpcap-dev libpcre3-dev libedit-dev bison flex libtool automake

To install dependencies in ArchLinux:

# First get these packages
$ sudo pacman -S libdnet libpcap libevent pcre libedit bison flex libtool automake

For the regression framework to run, you need to install the Python
module for libdnet.  You might need Python 2.4 for the best results.

To build honeyd, run the following commands:

$ ./autogen.sh
$ ./configure
$ make
$ sudo make install

If your compilation stops due to Python related errors, you can try to
run configure as

$ ./configure --without-python

If you get compilation warnings on Linux, bitch to the people responsible
for the conditional header file idiocy.

Documentation:
--------------

You can find documentation as part of this release.  The manual
page can be accessed with the following commands:

$ man honeyd

or in the source directory

$ nroff -mdoc honeyd.8

More information can be found at http://www.honeyd.org/ and https://github.com/DataSoft/Honeyd

Running:
--------

Honeyd requires root privileges for execution.  Normally, you run it
with arguments similar to the following:

$ sudo ./honeyd -d -f config.sample 10.0.0.0/8

It is strongly recommended that you run Honeyd in a chroot environment
under a sandbox like systrace.  If possible, Honeyd drops privileges
after creating its raw sockets.  This depends on your configuration
file.  You can force privileges to be dropped by setting Honeyd's uid
and gid via the -u <uid> and -g <gid> flags.
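
Because the automatic privilege drop depends on the configuration file, it
is worth confirming on the running daemon. The script below is an added
example, not part of the Honeyd distribution; it assumes Linux, where
/proc/<pid>/status lists real, effective, saved and filesystem IDs, and the
sample_status data is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Honeyd sources). Assumes Linux /proc.

# ids_dropped FILE: succeed only if FILE has both a Uid: and a Gid: line and
# none of their four values (real, effective, saved, filesystem) is 0.
# A missing field compares equal to 0 in awk, so truncated input fails safe.
ids_dropped() {
    awk '
        $1 == "Uid:" || $1 == "Gid:" {
            seen++
            for (i = 2; i <= 5; i++) if ($i == 0) bad = 1
        }
        END { exit !(seen == 2 && !bad) }
    ' "$1"
}

# check_honeyd: inspect every running process named exactly "honeyd".
check_honeyd() {
    pids=$(pgrep -x honeyd) || { echo "honeyd is not running" >&2; return 2; }
    rc=0
    for pid in $pids; do
        if ids_dropped "/proc/$pid/status"; then
            echo "pid $pid: privileges dropped"
        else
            echo "pid $pid: uid/gid 0 still present; restart with -u <uid> -g <gid>" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed /proc/<pid>/status excerpts for trying the parser offline.
# "partial" keeps a saved uid of 0, so the process could regain root.
sample_status() {
    case "$1" in
        dropped) printf 'Name:\thoneyd\nUid:\t65534\t65534\t65534\t65534\nGid:\t65534\t65534\t65534\t65534\n' ;;
        root)    printf 'Name:\thoneyd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n' ;;
        partial) printf 'Name:\thoneyd\nUid:\t65534\t65534\t0\t65534\nGid:\t65534\t65534\t65534\t65534\n' ;;
    esac
}

# Run as "sh thisfile check" on the honeypot host to test the live daemon.
if [ "${1:-}" = "check" ]; then
    check_honeyd
fi
```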

Testing
-------

To empirically verify the quality of OS scan results, a bash script named
ostest is included. There are a few "gotchas" with this, however. Normally,
honeyd ignores packets coming from the same machine that it's running on
so as to avoid routing loops (or so it claims, at least), so scanning
yourself doesn't work.

An ugly hack to make this work is to use a separate hardware ethernet
interface such as a cheap USB-ethernet adapter. You then have two ethernet
adapters, call them eth0 and eth1. Set up a route so that the IP address
given to ostest is routed through eth0. You then set up honeyd to listen
on eth1.

Honeyd will see packets coming from eth0 and assume that it is a different
machine than ours, and not drop them.

License:
--------

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

Acknowledgments:
----------------

The following people have helped with suggestions, ideas or code:

  Dug Song <dugsong@monkey.org>
  Jamie Van Randwyk <jvanran@sandia.gov>
  Eric Thomas <edthoma@sandia.gov>
  Christopher Kolina
  Derek Cotton
  Yuqing Mai
  Lance Spitzner <lance@honeynet.org>
  Christian Kreibich <christian.kreibich@cl.cam.ac.uk>
  Bill Cheswick <ches@lumeta.com>
  Lauren Oudot <oudot@rstack.org>
  Jon Oberheide <jonojono@merit.edu>
  David Clark <david.clark@datasoft.com>
  Dan Petro <dan.petro@datasoft.com>
  David Scott <david.scott@datasoft.com>
  Addison Waldow <addison.waldow@datasoft.com>
  Rami Rashid <RamiRashid959@msn.com>