virtual honeypots
Pull request Compare This branch is 139 commits behind DataSoft:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
compat
dpkt
os-test
pypcap
regress
scripts
subsystems
webserver
.gitignore
ChangeLog
LICENSE
Makefile.am
README
acconfig.h
analyze.c
analyze.h
arp.c
arp.h
atomicio.c
autogen.sh
command.c
condition.c
condition.h
config.c
config.ethernet
config.sample
configure
configure.in
daemon.c
debug.h
dhcpclient.c
dhcpclient.h
err.c
ethernet.c
ethernet.h
fdpass.c
fdpass.h
filter.c
filter.h
generate_assoc.py
getopt_long.c
gre.c
gre.h
histogram.c
histogram.h
honeyd.8
honeyd.c
honeyd.h
honeyd_overload.c
honeyd_overload.h
honeydctl.1
honeydctl.c
honeydstats.c
honeydstats.h
honeydstats_main.c
hooks.c
hooks.h
hsniff.c
hsniff.h
install-sh
interface.c
interface.h
ipfrag.c
ipfrag.h
keycount.c
keycount.h
lex.c
lex.l
log.c
log.h
ltmain.sh
missing
mkinstalldirs
network.c
network.h
nmap-os-db
nmap.assoc
osfp.c
osfp.h
parse.c
parse.h
parse.y
parser.h
personality.c
personality.h
pf.os
pf_osfp.c
pfctl_osfp.c
pfvar.h
plugins.c
plugins.h
plugins_config.c
plugins_config.h
pool.c
pool.h
pydatahoneyd.c
pydatahoneyd.h
pydataprocessing.c
pydataprocessing.h
pyextend.c
pyextend.h
router.c
router.h
rrdtool.c
rrdtool.h
sha1.c
stamp-h.in
stats.c
stats.h
strlcat.c
strlcpy.c
strsep.c
subsystem.c
subsystem.h
tagging.c
tagging.h
tcp.c
tcp.h
template.h
udp.c
udp.h
ui.c
ui.h
untagging.c
untagging.h
util.c
util.h
xprobe2.conf
xprobe_assoc.c
xprobe_assoc.h

README

Honeyd 1.6a
Copyright (c) 2002 - 2007 Niels Provos <provos@citi.umich.edu>
-------------------------------------------------------------------------

About Honeyd:
-------------

Honeyd is a small daemon that creates virtual hosts on a network.  The
hosts can be configured to run arbitrary services, and their TCP
personality can be adapted so that they appear to be running certain
versions of operating systems.  Honeyd enables a single host to claim
multiple addresses - I have tested up to 65536 - on a LAN for network
simulation.

It is possible to ping the virtual machines, or to traceroute them.
Any type of service on the virtual machine can be simulated according
to a simple configuration file.  Instead of simulating a service, it
is also possible to proxy it to another machine.

Installation:
-------------

Honeyd depends on several libraries:

 - libevent  - event notification
 - libdnet   - packet creation
 - libpcap   - packet sniffing
 - libpcre   - perl regular expression library (optional; for subsystems)

Make sure that you have them installed.



To install dependencies in Ubuntu:

$ sudo apt-get install libevent-dev libdumbnet-dev libpcap-dev libpcre3-dev libedit-dev bison flex libtool automake

To install dependencies in ArchLinux:

# First get these packages
$ pacman -S libdnet libpcap libevent pcre libedit bison flex libtool automake

For the regression framework to run, you need to install the Python
module for libdnet.  You might need Python 2.4 for the best results.

To build honeyd, run the following commands:

$ ./configure
$ make
$ make install

If your compilation stops due to Python related errors, you can try to
run configure as

$ ./configure --without-python

If you get compilation warnings on Linux bitch to the people responsible
for the conditional header file idioticy.

Documentation:
--------------

You can find documentation as part of this release.  The manual
page can be accessed with the following commands:

$ man honeyd

or in the source directory

$ nroff -mdoc honeyd.8

More information can be found at http://www.honeyd.org/ and https://github.com/DataSoft/Honeyd

Running:
--------

Honeyd requires root-privileges for execution.  Normally, you run it
with arguments similiar to the following:

$ sudo ./honeyd -d -f config.sample 10.0.0.0/8

It is strongly recommend that you run Honeyd in a chroot environment
under a sandbox like systrace.  If possible, Honeyd drops privileges
after creating its raw sockets.  This depends on your configuration
file.  You can force privileges to be dropped by setting Honeyd's uid
and gid via the -u <uid> and -g <gid> flags.

Testing
-------

To empirically verify the quality of OS scan results, a bash script named
ostest is included. There are a few "gotcha"s with this, however. Normally,
honeyd ignores packets coming from the same machine that it's running on
so as to avoid routing loops. (or so it claims, at least) So scanning
yourself doesn't work.

An ugly hack to make this work is to use a separate hardware ethernet
interface such as a cheap usb-ethernet adapter. You then have two eth adapters,
call them eth0 and eth1. Set up a route so that the IP address given to 
ostest is routing to eth0. You then set up honeyd to listen on eth1. 

Honeyd will see packets coming from eth0 and assume that it is a different
machine than ours, and not drop them.

License:
--------

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

Acknowledgments:
----------------

The following people have helped with suggestions, ideas or code:

  Dug Song <dugsong@monkey.org>
  Jamie Van Randwyk <jvanran@sandia.gov>
  Eric Thomas <edthoma@sandia.gov>
  Christopher Kolina
  Derek Cotton
  Yuqing Mai
  Lance Spitzner <lance@honeynet.org>
  Christian Kreibich <christian.kreibich@cl.cam.ac.uk>
  Bill Cheswick <ches@lumeta.com>
  Lauren Oudot <oudot@rstack.org>
  Jon Oberheide <jonojono@merit.edu>
  David Clark <david.clark@datasoft.com>
  Dan Petro <dan.petro@datasoft.com>
  David Scott <david.scott@datasoft.com>
  Addison Waldow <addison.waldow@datasoft.com>