Guest Posted January 9, 2015 (edited)

Hey guys. I was wondering how to go about setting up a JAVA-BASED honeypot in VMware, using the network architecture below as an example. I'm specific about the honeypot being java-based because I'd like to be able to generate statistical reports in a java console. If this project has been worked on before, I'd appreciate a re-direct or two, and I'd also like to know your recommendations on the types of operating systems suggested for each of the systems in the network (IDS, client/webserver, honeypot, firewall). Thanks.

Edited January 9, 2015 by AlaricPrimus

digip Posted January 10, 2015

Hmm. Couldn't you write a java memory, packet and network scanner/sniffer, that parses and displays info in the manner you want, negating the need for the apps running and being attacked to be java based?

cooper Posted January 10, 2015 (edited)

"I'm specific about the honeypot being java-based because I'd like to be able to generate statistical reports in a java console."

That's a bit of a strange logic jump... Your honeypot collects data and because you want to use java to display stats from that data the data must therefore be generated by java. Data is just that - data. Nothing java-specific about it. Just make sure you understand the structure of the captured data. Then writing the statistics gathering and displaying engine (which you need to do anyways) shouldn't be hard.

You could be thinking about gathering your data from a JMX-enabled application so you can attach a java console to it as it runs and query the data, but then you're simply combining the storing of your collected data with the application itself. The drawback of this is that once the application terminates your collected data will have disappeared, so I don't think that's a good idea. JMX is best used to gather stats on the performance of a running program itself (how many ports are open, how big is the threadpool, do I need to extend my database pool, is my cache being hit often enough to warrant the memory use it incurs, THOSE sorts of questions). Not to retain info on something you might very well want to use at a later time.

I'd also be a bit careful with putting a honeypot on a VM. You must assume that the attacker will jump out of the VM and onto the host, so unless you've ensured that that's not going to be a problem (i.e. it's hosting nothing else valuable, will be wiped once the experiment concludes and is itself also isolated so it can't be used as a new beachhead for the attacker to dive deeper into your network) I'd recommend against it.

Edited January 10, 2015 by Cooper
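
An added example, not code from any poster in this thread, of the split Cooper describes: the listener writes each connection attempt to a file on disk, and the statistics step reads only that file, so the data outlives the process instead of living in JMX-style in-memory counters. The class name, the file name `honeypot.log` and the record format (epoch millis, source IP, destination port) are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.*;

public class HoneypotLog {
    // Assumed record format (not from the thread): epochMillis,sourceIp,destPort
    static void record(Path log, long ts, String srcIp, int port) throws IOException {
        String line = ts + "," + srcIp + "," + port + System.lineSeparator();
        Files.write(log, line.getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.CREATE, StandardOpenOption.APPEND);
    }

    // Low-interaction listener: accept, note the peer address on disk, close.
    static void listen(Path log, int port) throws IOException {
        try (ServerSocket server = new ServerSocket(port)) {
            while (true) {
                try (Socket s = server.accept()) {
                    record(log, System.currentTimeMillis(),
                            s.getInetAddress().getHostAddress(), port);
                }
            }
        }
    }

    // Report step: reads only the file, so it works after the listener has exited.
    static Map<String, Long> countBy(Path log, int column) throws IOException {
        try (Stream<String> lines = Files.lines(log, StandardCharsets.UTF_8)) {
            return lines.map(l -> l.split(","))
                    .filter(f -> f.length == 3) // skip truncated or malformed records
                    .collect(Collectors.groupingBy(f -> f[column],
                            TreeMap::new, Collectors.counting()));
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 1) { listen(Paths.get("honeypot.log"), Integer.parseInt(args[0])); return; }
        // Constructed sample records (documentation-range addresses) for an offline run.
        Path log = Files.createTempFile("honeypot", ".log");
        record(log, 1420848000000L, "192.0.2.10", 22);
        record(log, 1420848001000L, "192.0.2.10", 23);
        record(log, 1420848002000L, "198.51.100.7", 22);
        System.out.println("By source: " + countBy(log, 1));
        System.out.println("By port:   " + countBy(log, 2));
    }
}
```

Run with no arguments to report on the constructed records, or with a port number to start the listener; because the report reads a plain text file, the same `countBy` works on records written by a capture tool in any other language.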

digip Posted January 10, 2015 (edited)

I'm wondering if Java came into play because of the whole VM thing, which in this case, Oracle's VBox is java based, VMware is not Java based. Anyhow, Cooper better explained than I did..lol. Data through whatever filter (straw it passes through to be sipped) could be parsed in any language. It just needs to be fed/piped in, and you then need to know how to wrap and sort what's coming in to be displayed how you want.

I'd say for starters, check out jpcap https://www.google.com/search?num=50&newwindow=1&site=&source=hp&q=java+packet+monitor&oq=java+packet+scanner&gs_l=hp.3.3.0i22i30l4.41.11797.0.16463.30.24.5.1.1.0.211.2715.0j19j1.20.0.msedr...0...1c.1.60.hp..4.26.2802.z8lC8RpQ2vo and something like jmap for the memory/app side. I can see the benefits of an IDS in java though, since it could be more cross platform and not need so much a VM to run in, but have down the road implications for safeguarding machines from attacks.

Edited January 10, 2015 by digip

cooper Posted January 10, 2015

"Oracle's VBox is java based"

I think you're wrong on that one. The management client, at least on Linux, is Qt based (and an old one at that) which would be the most logical first part to make in Java if you were so inclined.

digip Posted January 10, 2015

My bad. I thought Java was a requirement to run VBox.

Guest Posted April 16, 2015

Thanks for the advice guys, especially about the networking configurations. I initially intended to create a small honeypot testbed with certain constraints, and java happened to be the specified language for the project.