Honeytrap 1.0.0 Released

Oct 29, 2007

Version 1.0.0 of the honeypot daemon Honeytrap has been released. It has a completely reworked configuration mechanism and new plugins.

The GPL'd program registers attacks against TCP services. When a request arrives from an unknown port, Honeytrap dynamically launches a server process to handle it. This avoids the need for the software to continually bind thousands of ports. Connection monitors based on Libpcap, Netfilter/Iptables or Netfilter_Queue handle the bindings. Honeytrap will run in various modes, including a proxy mode where it forwards connections and sniffs traffic. The daemon comprises two parts. The program core collects data and can load plugins at runtime for analysis purposes. Plugins currently available store strings and malware from attacks, and special extensions are available for identifying FTP and TFTP commands. In addition to this, there is a parser for attacks on VNC servers, a pluging that decodes Base 64 encoded exploits, and a module that identifies attacks heuristically using similarity checks. Honeytrap 1.0.0 is available as a source code archive on the Sourceforge download servers. The subversion repository for the project also supports access to the current sources. In addition to this, the download page has Xen templates and Qemu images for the virtual Honeytrap server.

Related content

  • DoS Attack Exploit in BIND 9

    A specially crafted dynamic update message to a DNS zone for which the server is a master can raise havoc in BIND 9. An active remote exploit is already "in wide circulation."

  • Honeynet

    Security-conscious admins can use a honeynet to monitor, log, and analyze intrusion techniques.

  • Firewall Logfile Analyzers

    Netfilter firewalls create highly detailed logfiles that nobody really wants to inspectmanually. Logfile analysis tools like IPtables Log Analyzer,Wallfire Wflogs,and FWlogwatch help administrators keep track of developments and filter for importantmessages.

  • Security Lessons

    Are your systems secure against DNS attacks? We'll show you why they matter and help you determine whether you are vulnerable.

  • ISC Begins BIND 10 Development

    After 10 years the industry-independent Internet Systems Consortium (ISC) is embarking on a completely new BIND implementation with BIND 10. Its patrons and sponsors should ensure that the market leader in DNS implementation is more secure, flexible and highly scalable, although developers are keeping the details close to their chests at present.

comments powered by Disqus

Issue 170/2015

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia