Jump to content

kippo honeypot experience?


Recommended Posts

I don't know the software. General advice when setting up a Honeypot:

1. Assume the honeypot has been completely compromised from day 1. Monitor the machine by looking at the traffic ONLY.

2. Try to run the install off of read-only media (CD/DVD/write-protected SD/...) so a quick reset will revert any changes anybody may have made.

3. DO NOT set this up on your home network directly accessible via your ISP - they might notice the suspect traffic, assume you've been hacked and shut you off (yup, experience talking here. If it happens to you, call them up and say you've found and completely reinstalled the hacked machine. Blame a family member who'se since had a stern talking to. DO NOT say you're running a honeypot as they'll probably tell you that's against their TOS and it'll take longer for you to get back online).

4. Never, EVER connect to this machine via the network. If you must log on, do so using direct access. Absolutely NOTHING on this machine can refer to anything else you have access to as it'll likely become the next target once the honeypot has been taken.

5. If this machine resides on your network, FIREWALL THE LIVING FUCK out of the connection between it and the rest of the network. See #1. Try to airgap the thing.

And of course

6. Report back what you find. It should be pretty interesting.

Link to comment
Share on other sites

1st off i wont be running on my private internet connection. It will be placed in a datacenter after a firewall. Only port 22 will be configured as forward ( ssh honeypot ) outgoing only the minimum will be allowed. Access to the vps running it will happen over a vpn towards the vps server and then by console ( close to direct as possible ). Might allow trusted community members access to the data. there are some scripts to let it autosend the data/logs by mail.

Edited by GuardMoony
Link to comment
Share on other sites

Read a bit more about Kippo. It looks pretty nice and it's an interesting concept. I'd be quite interested to know what it turns up.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...