Introduction Of Honey Pots

Introduction Of Honey Pots

Honey pots are a fascinating and valuable tool used in the field of ethical hacking and cybersecurity. A honey pot is a decoy system or network designed to attract and deceive potential attackers, thereby diverting their attention from critical systems and data. The term “honey pot” is derived from the concept of luring adversaries with the allure of something sweet and valuable, only to trap them.

The primary objective of deploying honey pots is to gather intelligence about the attackers’ methods, techniques, and motives, which can then be used to strengthen the overall security posture of an organization. Honey pots serve as an early warning system, providing security teams with insights into emerging threats and attack trends.

Key points to understand about honey pots:

  1. Deception: Honey pots are designed to appear as legitimate systems or services that are valuable targets for attackers. They often simulate vulnerabilities and attractive data to lure potential intruders.
  2. Isolation: Honey pots should be isolated from the critical production network to prevent any impact on the actual systems. They operate separately, minimizing the risk of exposing sensitive data.
  3. Types of Honey Pots: There are different types of honey pots, including high-interaction and low-interaction. High-interaction honey pots mimic real systems and allow attackers to interact fully, capturing extensive information. Low-interaction honey pots emulate specific services or protocols, providing basic interaction while minimizing risk.
  4. Detection and Monitoring: Honey pots are actively monitored, and any unauthorized access or activity triggers alerts for security personnel. This allows them to closely analyze the attacker’s actions.
  5. Legal Considerations: Deploying honey pots requires careful consideration of legal and ethical aspects. Organizations must ensure that they have the appropriate permissions to use deception techniques and that their activities comply with local laws and regulations.
  6. Research and Analysis: Information gathered from honey pots helps security teams understand attack patterns, identify new vulnerabilities, and refine incident response strategies.
  7. Complementary Technology: Honey pots are just one tool in the arsenal of ethical hackers and cybersecurity professionals. They work in conjunction with other security measures, such as firewalls, intrusion detection systems (IDS), and regular vulnerability assessments.

In ethical hacking scenarios, the deployment of honey pots is conducted with the goal of improving overall security and understanding the tactics of potential adversaries. Ethical hackers use honey pots to detect, analyze, and ultimately mitigate security threats, making them an invaluable asset in the constant battle against cyber threats.

Introduction to IDS | IPS | Honeypots
Network Security With Snort
Log Analysis
Honeypots and Attack Analysis
UTM stands for Unified THreat Management Syste is a promising technology having Firewalls, Antiviruses, IDS, IPS, Web SEcurity, Wireless SEcurity, Service Enumeration etc.
Eg. Sophos UTM 9.

IDS –> Intrusion Detection System|Servcies in Honey Pots

It is the service which helps in detecting in any kind of intrusion and malicious activity of teh attacker in the network.
IPS –> Intrusion Prevention System|Servcies
After, once the intrusion is detected, there comes the prevention phase. In this phase, the application or the software will tell you that these are the ways in which you can prevent your system from being intruded or from being compromised.
IDS and IPS are known as the anti virus of the network –> They work on the network level.
They work on the content of the packet which are transmitted in the network.
Destination Port
Source Port
Source IP Address
Destination IP Address
SNORT –> It is considered to be the world’s best IDS and IPS used by teh corporates.
It works on the rule basis of the data and the packets.

For Installing SNORT in Honey Pots

#apt-get install snort
For Checking the SNORT Version
#snort -V
For Starting SNORT
Rule Files
/etc/snort/rules –> where all the rules are located, of snort.


alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:”FINGER null request”; flow:to_server,established; content:”|00|”; reference:arachnids,377; classtype:attempted-recon; sid:324; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21
(msg:”FTP MDTM overflow attempt”; flow:to_server,established; content:”MDTM”; nocase; isdataat:100,relative; pcre:”/^MDTM\s[^\n]{100}/smi”; reference:bugtraq,9751; reference:cve,2001-1021; reference:cve,2004-0330; reference:nessus,12080; classtype:attempted-admin; sid:2546; rev:5;)
Format For Creating Snort Rules
Basic Rule Syntax
Action Protocol SourceIPAddress SourcePortNumber DirectionOfFlow DestinationIPAddress DestinationPortNuber (Body;)
alert tcp any any -> any any (msg:”Sample Alert”;)
The Rule Header
Action (log, Alert)
Protocol (TCP, UDP, IP, ICMP, any)
Source IP Address –> From where Data is originated
Source Port Number –> Port Number of the source Device
Direction Operator –> (“->” – Unidertional, “<>” – bidirectional)
Destination IP Address –> To which IP Address data is going
Destination Port Number –> To which port session is creating
Source and Destination IP Address can be variables
1. $EXTERNAL_NET –> Any IP Address which is an external IP Address, outside the organisation.
2. $HOME_NET –> Any IP Address from the inernal organisation or the intranet.

Source IP Address in Honey Pots

1. If I want to make it specific –> instead of any, i want to give an IP Address
alert any any -> $HOME_NET any (msg:”Vallari Mittal Is Again Attacking”;)
2. If I want the source IP Address for Intranet
alert any $HOME_NET any -> any any (body;)
3. If I want the source IP Address for Internet
alert any $EXTERNAL_NET any -> any any (body;)
Same Thing Goes With Destination IP Address.
alert any any any <> any any (content:””;msg:”Imma Watson is attacking”)
alert tcp any 22 <> 22 (msg; kiki ka ssh)
We will create these rules and save them in /etc/snort/rules.
imma.rules —> rule file
But we havenot implemented those rules.
For Implementing we need to edit a configuration file of snort.
Types Of Rule Options
There are 5 types of rule Options
1. Metadata
2. Payload Data
3. Non Payload Data
4. Post Detection
5. Thresholding and suppression
It is a system designed to appear vulnerable to attackers. The goal of a Honeypot is to log all the attacker’s activity to study their behavious, log their IP Addresses, Track their locations and collect the data about 0-day exploits. The idea of Honeypot is nothing but a server that offers any kind of services to the attackers, from ssh to telnet, showing various well known exploitable ports.
Pentbox –> HoneyPot for Linux/unix based OS.
Download .tar.gz file from
Open the terminal
#cd Downloads
#tar vzxf Filename.tar.gz
#cd pentbox-1.0

Log Analysis

Syntax of Log Of A Server
IP Address | Remote Log Name | Authentication Type | TimeStamp | Access Request | Response Code | Data Transfer (Bytes) | Referrer URL | User Agent
IP Address -> –> IP Address of the visitor
Remote Log Name –> Identity Check for browser ‘-‘
Authentication –>  1. Basic Authentication
2. Integrated Authentication
3. Form Based Authentication
4. Digest Authentication
Response Code –> 5 type of responses code
1xx –> Informational resource
2xx –> Successful redirection
3xx –> Redirection
4xx –> Client Side error
5xx –> Server Side error

Follow Us On Cyber Point Solution Youtube Channel : Click Here

Follow Us on Social Platforms to get Updated : twiter,  facebookGoogle Plus

Learn More Ethical Hacking and Cyber Security click on this link. cyber security

Leave a Reply

Your email address will not be published. Required fields are marked *