Hey guys.

I was wondering how to go about setting up a JAVA-BASED honeypot in VMware, using the network architecture below as an example.

[Attached image: network architecture diagram]

I'm specific about the honeypot being java-based because I'd like to be able to generate statistical reports in a java console.

If this project has been worked on before, I'd appreciate a re-direct or two, and I'd also like to know your recommendations on the types of operating systems suggested for each of the systems in the network (IDS, client/webserver, honeypot, firewall).

Thanks.

Edited by AlaricPrimus

Hmm. Couldn't you write a java memory, packet and network scanner/sniffer that parses and displays info in the manner you want, negating the need for the apps running and being attacked to be java based?


I'm specific about the honeypot being java-based because I'd like to be able to generate statistical reports in a java console.

That's a bit of a strange logic jump...

Your honeypot collects data and because you want to use java to display stats from that data the data must therefore be generated by java.

Data is just that - data. Nothing java-specific about it. Just make sure you understand the structure of the captured data. Then writing the statistics gathering and displaying engine (which you need to do anyways) shouldn't be hard.

You could be thinking about gathering your data from a JMX-enabled application so you can attach a java console to it as it runs and query the data, but then you're simply combining the storing of your collected data with the application itself. The drawback of this is that once the application terminates your collected data will have disappeared so I don't think that's a good idea. JMX is best used to gather stats on the performance of a running program itself (how many ports are open, how big is the threadpool, do I need to extend my database pool, is my cache being hit often enough to warrant the memory use it incurs, THOSE sorts of questions). Not to retain info on something you might very well want to use at a later time.

I'd also be a bit careful with putting a honeypot on a VM. You must assume that the attacker will jump out of the VM and onto the host so unless you've ensured that that's not going to be a problem (i.e. it's hosting nothing else valuable, will be wiped once the experiment concludes and is itself also isolated so it can't be used as a new beach head for the attacker to dive deeper into your network) I'd recommend against it.

Edited by Cooper
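The point made above, that captured data is not Java-specific and should be persisted rather than held inside the running application, shown as an added example (not code from this thread): a Java console report over records a honeypot has already written to disk. The comma-separated record layout, the class name and the sample lines are assumptions constructed for illustration.

```java
import java.util.*;
import java.util.function.Function;
import java.util.stream.Collectors;

// Added example (Java 16+): console statistics over persisted honeypot records.
// Whatever captured the data may be written in any language.
public class HoneypotReport {
    // Assumed record layout: timestamp,source IP,destination port,protocol
    record Hit(String time, String srcIp, int dstPort, String proto) {}

    // Parse one line; reject anything malformed, because the log content
    // is influenced by whoever is probing the honeypot.
    static Optional<Hit> parse(String line) {
        String[] f = line.trim().split(",", -1);
        if (f.length != 4) return Optional.empty();
        try {
            int port = Integer.parseInt(f[2].trim());
            if (port < 1 || port > 65535) return Optional.empty();
            return Optional.of(new Hit(f[0].trim(), f[1].trim(), port, f[3].trim()));
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    // Count hits per key, highest count first, ties ordered by key.
    static <K extends Comparable<K>> List<Map.Entry<K, Long>> top(List<Hit> hits, Function<Hit, K> key) {
        return hits.stream()
            .collect(Collectors.groupingBy(key, Collectors.counting()))
            .entrySet().stream()
            .sorted(Map.Entry.<K, Long>comparingByValue().reversed()
                .thenComparing(Map.Entry.<K, Long>comparingByKey()))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample; a real run would use Files.readAllLines(Path.of(args[0]))
        List<String> lines = List.of(
            "2015-01-09T22:01:13Z,192.0.2.10,22,tcp",
            "2015-01-09T22:01:14Z,192.0.2.10,22,tcp",
            "2015-01-09T22:03:40Z,198.51.100.7,80,tcp",
            "2015-01-09T22:04:02Z,192.0.2.10,23,tcp",
            "garbage line that is not a record");
        List<Hit> hits = lines.stream().map(HoneypotReport::parse)
            .flatMap(Optional::stream).collect(Collectors.toList());
        System.out.printf("records: %d valid, %d rejected%n", hits.size(), lines.size() - hits.size());
        top(hits, Hit::srcIp).forEach(e -> System.out.printf("source %-15s %d%n", e.getKey(), e.getValue()));
        top(hits, Hit::dstPort).forEach(e -> System.out.printf("port   %-15d %d%n", e.getKey(), e.getValue()));
    }
}
```

Because the report reads a file, it can be rerun after the honeypot process has exited, which is the retention property that keeping the data only in JMX would lose.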

I'm wondering if Java came into play because of the whole VM thing, which in this case, Oracle's VBox is java based, VMware is not Java based. Anyhow, Cooper explained it better than I did... lol. Data through whatever filter (straw it passes through to be sipped) could be parsed in any language. It just needs to be fed/piped in, and you then need to know how to wrap and sort what's coming in to be displayed how you want.

I'd say for starters, check out jpcap https://www.google.com/search?num=50&newwindow=1&site=&source=hp&q=java+packet+monitor&oq=java+packet+scanner&gs_l=hp.3.3.0i22i30l4.41.11797.0.16463.30.24.5.1.1.0.211.2715.0j19j1.20.0.msedr...0...1c.1.60.hp..4.26.2802.z8lC8RpQ2vo and something like jmap for the memory/app side.

I can see the benefits of an IDS in java though, since it could be more cross platform and not need so much a VM to run in, but have down the road implications for safeguarding machines from attacks.

Edited by digip

Oracles VBox is java based

I think you're wrong on that one. The management client, at least on Linux, is Qt based (and an old one at that) which would be the most logical first part to make in Java if you were so inclined.


  • 3 months later...

Thanks for the advice guys, especially about the networking configurations. I initially intended to create a small honeypot testbed with certain constraints, and java happened to be the specified language for the project.
