Linux and Windows Honeypots
Honeypots are, in the main, designed to imitate real IT systems, but with the aim of drawing would-be attackers away from live production systems. This is done by making the honeypot a more attractive target than the production system. They can also be used to gather intelligence on new attacks, which in turn feeds back into your defences, and they sit naturally within an organisation's Defence in Depth strategy.
Amazon Web Services (AWS)
First off, you will need to sign up for a free AWS account: https://aws.amazon.com/free/
The main thing here is that the free tier lets you run two servers, one Linux and one Windows, at no cost:
- 750 hours of Amazon EC2 Linux t2.micro instance usage (1 GiB of memory and 32-bit and 64-bit platform support) – enough hours to run continuously each month
- 750 hours of Amazon EC2 Microsoft Windows Server t2.micro instance usage (1 GiB of memory and 32-bit and 64-bit platform support) – enough hours to run continuously each month
NOTE: Go through the tutorials! This stuff isn't rocket science, but they will give you a good understanding of how instances are provisioned and how to actually access them with RDP and PuTTY.
The RDP client is already built into Windows, but you will have to download PuTTY from here.
You will then need to spin up 1 x Linux (choose an Ubuntu AMI, since the Modern Honey Network install and deploy scripts target Ubuntu) and 1 x Windows Server 2016 instance.
Ensure you select the “Free Tier” option when you provision your server. Once you have them up and running they will be in your account as Instances.
NOTE: Don't forget to open up your “Security Group” entries if you want the world to see your server; a locked-down group means nobody will ever probe your honeypot. Opening All protocols and All port ranges to 0.0.0.0/0 is the quickest way to do that, but bear in mind it also puts your real SSH (22) and the MHN web portal (80) in front of the whole internet. The safer pattern is to open every other port to the world and allow 22 and 80 only from your own IP address.
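As an added example (not from the original post, and not MHN or AWS code), here is how that split rule set can be built and checked in Python. The dicts use the same IpPermissions shape that boto3's `authorize_security_group_ingress()` takes and `describe_security_groups()` returns, so the output can be applied to a real group or the audit run against one you already created. The admin CIDR 203.0.113.5/32 is a placeholder from the documentation range, and the rules cover TCP only (p0f fingerprints TCP connections); add UDP or ICMP yourself if you want them.

```python
"""Build and audit EC2 security-group ingress rules for a honeypot host.

Added example, not from the original post or from MHN/AWS documentation.
The rule dicts follow the shape boto3 uses for IpPermissions, e.g.
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId="sg-<your group id>", IpPermissions=build_honeypot_ingress(cidr))
(not executed here; nothing in this file needs AWS credentials).
The demo admin CIDR 203.0.113.5/32 is a documentation-range placeholder.
"""
from __future__ import annotations

ANYWHERE_V4 = "0.0.0.0/0"
ANYWHERE_V6 = "::/0"
MIN_PORT, MAX_PORT = 1, 65535

# Ports you administer the box on: 22 for PuTTY/SSH, 80 for the MHN web portal.
# These must not be reachable from the whole internet, even on a honeypot.
MANAGEMENT_PORTS = (22, 80)


def _tcp_rule(from_port: int, to_port: int, cidr: str) -> dict:
    return {
        "IpProtocol": "tcp",
        "FromPort": from_port,
        "ToPort": to_port,
        "IpRanges": [{"CidrIp": cidr}],
    }


def build_honeypot_ingress(admin_cidr: str, mgmt_ports=MANAGEMENT_PORTS) -> list[dict]:
    """Every TCP port open to the world except the management ports, which are
    restricted to admin_cidr.

    Security groups are allow-only, so "everything except 22 and 80" has to be
    written as the port ranges around them: 1-21, 23-79, 81-65535.
    """
    rules: list[dict] = []
    start = MIN_PORT
    for port in sorted(set(mgmt_ports)):
        if port > start:
            rules.append(_tcp_rule(start, port - 1, ANYWHERE_V4))
        rules.append(_tcp_rule(port, port, admin_cidr))
        start = port + 1
    if start <= MAX_PORT:
        rules.append(_tcp_rule(start, MAX_PORT, ANYWHERE_V4))
    return rules


def _port_span(rule: dict) -> tuple[int, int]:
    # "All traffic" rules use IpProtocol "-1" and carry no port fields.
    if rule.get("IpProtocol") == "-1":
        return MIN_PORT, MAX_PORT
    return rule["FromPort"], rule["ToPort"]


def _open_to_world(rule: dict) -> bool:
    v4 = any(r.get("CidrIp") == ANYWHERE_V4 for r in rule.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANYWHERE_V6 for r in rule.get("Ipv6Ranges", []))
    return v4 or v6


def audit_ingress(rules: list[dict], mgmt_ports=MANAGEMENT_PORTS) -> list[str]:
    """One finding per management port that some rule exposes to the world.

    Accepts the IpPermissions list exactly as describe_security_groups() returns
    it, so it can be pointed at the group you actually attached to the instance.
    """
    findings = []
    for port in mgmt_ports:
        for rule in rules:
            if rule.get("IpProtocol") not in ("tcp", "-1"):
                continue          # UDP/ICMP rules cannot expose SSH or the portal
            lo, hi = _port_span(rule)
            if lo <= port <= hi and _open_to_world(rule):
                findings.append(f"tcp/{port} reachable from {ANYWHERE_V4} (rule {lo}-{hi})")
                break
    return findings


# The rule the post suggests: all protocols, all ports, from anywhere.
ALL_OPEN = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANYWHERE_V4}]}]

if __name__ == "__main__":
    print("Findings for the 'all traffic' rule:")
    for finding in audit_ingress(ALL_OPEN):
        print("  ", finding)
    safer = build_honeypot_ingress("203.0.113.5/32")
    print("Findings for the split rule set:", audit_ingress(safer) or "none")
```

Run it as-is to see the two findings the "all traffic" rule produces and the clean result for the split set; to check a live group, feed `audit_ingress()` the `IpPermissions` list from `describe_security_groups()`.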
Follow the instructions on this page to install the “Modern Honey Network” server.
You may have to run this command if some of the MHN services refuse to start after the install; it upgrades pyOpenSSL inside the hpfeeds virtualenv: sudo /opt/hpfeeds/env/bin/python -m pip install --upgrade pyopenssl
Once you have accessed the web portal you will need to deploy a probe (MHN calls them sensors) to listen with. Select Deploy from the menu, then New Script. From the drop-down select “Ubuntu - p0f” and paste the Deploy Command into your PuTTY SSH session on the same server. This will hopefully install the p0f sensor, which passively fingerprints the hosts that connect to your box and reports them back to MHN.
Essentially that's it, to be honest. I have been deliberately vague with my instructions because I believe this is the best way to learn: you may have to do a little more research yourself to get things working, such as making sure firewalls are letting traffic through and that the services are actually running. In Linux this is not easy but, again, I ain't spoonfeeding the answers because in most cases my solutions might not work for your instance.
DON'T GIVE UP! You can do this.
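Checking that the services are running is the part people get stuck on, so here is an added example (not from the original post or from the MHN project) that does it in Python. MHN runs its daemons under supervisord, so `sudo supervisorctl status` is the quickest health check after the install; the script parses that output and lists anything that is not RUNNING. The names in EXPECTED are the programs the MHN installer registers as I know them, which is an assumption: compare them with your own `supervisorctl status` output, as they have changed between MHN versions. SAMPLE_STATUS is constructed output so the file also runs on a machine without MHN.

```python
"""Report Modern Honey Network services that are not running.

Added example, not from the original post or the MHN project. MHN registers
its daemons with supervisord, so `sudo supervisorctl status` is the health
check. EXPECTED is an assumption about the program names MHN registers;
verify it against your own supervisorctl output. SAMPLE_STATUS is constructed
so this runs offline; main() uses the live command when it is available.
"""
from __future__ import annotations

import shutil
import subprocess

EXPECTED = (
    "hpfeeds-broker",      # feed bus the sensors publish events to
    "mnemosyne",           # normalises feed events into MongoDB
    "mhn-uwsgi",           # the web portal application behind nginx
    "mhn-celery-worker",
    "mhn-celery-beat",
    "mhn-collector",
    "honeymap",
)

# Constructed sample of `supervisorctl status` output: two services unhealthy.
SAMPLE_STATUS = """\
honeymap                         RUNNING   pid 1188, uptime 0:14:02
hpfeeds-broker                   RUNNING   pid 1190, uptime 0:14:02
mhn-celery-beat                  RUNNING   pid 1192, uptime 0:14:02
mhn-celery-worker                FATAL     Exited too quickly (process log may have details)
mhn-collector                    RUNNING   pid 1195, uptime 0:14:02
mhn-uwsgi                        RUNNING   pid 1197, uptime 0:14:02
mnemosyne                        STOPPED   Not started
"""


def parse_status(text: str) -> dict[str, str]:
    """Map program name -> supervisord state (RUNNING, STOPPED, FATAL, ...)."""
    states: dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split(None, 2)   # name, state, free-text description
        if len(parts) >= 2:
            states[parts[0]] = parts[1]
    return states


def unhealthy(text: str, expected=EXPECTED) -> dict[str, str]:
    """Expected services that are absent or in any state other than RUNNING."""
    states = parse_status(text)
    return {
        name: states.get(name, "MISSING")
        for name in expected
        if states.get(name) != "RUNNING"
    }


def live_status() -> str:
    """Output of `sudo supervisorctl status`, or the sample when unavailable."""
    if shutil.which("supervisorctl") is None:
        return SAMPLE_STATUS
    proc = subprocess.run(["sudo", "supervisorctl", "status"],
                          capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    problems = unhealthy(live_status())
    if not problems:
        print("all MHN services RUNNING")
    for name, state in problems.items():
        # `sudo supervisorctl tail <name> stderr` shows why a service died.
        # MISSING means supervisord knows no program by that name on this box:
        # either the installer did not register it or your MHN version names
        # it differently, so adjust EXPECTED.
        print(f"{name}: {state}")
```

Against the sample it reports mhn-celery-worker as FATAL and mnemosyne as STOPPED; on a real MHN box it runs the live command instead. A FATAL hpfeeds-broker after a fresh install is the case the pyOpenSSL upgrade above is for.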
Windows Server 2016 Honeypot
Now, this one is much easier than the Linux one!
First off, ensure the Windows Firewall is turned off or nothing will get through to KFSensor! Bear in mind that with the host firewall off, your Security Group is the only thing protecting the real RDP service (3389) you use to administer the box, so allow that port only from your own IP address rather than leaving it open to the world alongside the emulated services.
Download and install KFSensor from here – http://www.keyfocus.net/kfsensor/
This will give you a 30-day trial of the honeypot; you could always kill your instance after 30 days and build a new one.
Once installed you will get a very detailed insight into who is probing your server!