What is the HONEYPOT technology? The Honeypot is a computing system running on the Internet. It is designed to attract and trick people (such as computer hackers) who attempt to illegally break into others' computer systems. The honey tank system is a fraud system that contains vulnerabilities, it simulates one or more vulnerable hosts and provides attackers with a target that is easy to attack. Because the honeypot does not provide genuine and valuable services to the outside world, all attempts to the honeypot are considered suspicious. Another purpose of the honeypot is to delay the attacker's attack on the real target and waste time on the honeypot. To put it simply, honeypot is a trap for capturing attackers.
I. Initial contact with HoneyPot
Defnet HoneyPot is a well-known HoneyPot software that virtualizes various common system vulnerabilities and waits for hackers to hook up.
First, the software. As this is a green software, you can directly decompress the downloaded file to run it. After the software runs, you can see that its interface is relatively simple. The main area on the left is to record the information of hacker attacks, and the corresponding configuration button on the right. Next we will configure it as a perfect trap.
Ii. enable virtual Vulnerabilities
Click the "HoneyPot" button on the main interface of the software to open the program Configuration window. The common Web and FTP camouflage services are displayed on the left of the window. You can also copy a common text file to this directory to disguise the FTP server.
After preparation, we can select the "Web Server" option and enter "80" in "Port", that is, the virtual Port 80, at the same time, enter the "C: wwwroot" Directory in "Directory". Similarly, you can select the "FTP Server" virtual FTP Server. If "Full Access" is selected, all permissions are granted to the virtual FTP.
In addition to disguising common services, we can also disguise local disks. Select "Telnet Server" in the lower-right corner and click "Advanced, in the window that appears, set the Drive letter "Drive", Volume label "Volume", Free Space in bytes ", and other details to make the virtual system more authentic and reliable.
After setting the information, return to the main interface of the software and click "Monitore" to start the program.
When a hacker starts to scan our computer, all the vulnerabilities he finds are virtual vulnerabilities provided by the honeypot, and these hackers are unaware of them, perhaps we are still secretly happy with our successful intrusion. In fact, we can see a hole in what hackers are doing on the main interface.
3. remotely view Data
Because the honeypot is usually deployed on the server, it is impossible for the Administrator to sit in front of the server at any time. In this regard, we can use emails to receive the capture records of the honeypot.
Click the "Options" button on the main interface, select the "Send logs by e-mail" item, and fill in the received email address in "Your e-mail, enter the email Server address in "Server", the sending Address in "For", and the user name and password of the email address in "Authentication required, in this way, after saving the settings, the program can send the logs generated by hacker attacks to the specified mailbox according to the predefined settings.
After the honeypot is set up, we can collect evidence of hacker intrusion and ensure computer security. If you have been attacked by hackers, set up a "sweet jar" to lure hackers.