HoneyPot: Intrusion Detection and Malware Analysis

This is a guest post by "Satyajit Das", who is an ethical hacking enthusiast and shares his tips about security at Security Hunk.

Intrusion detection and malware analysis put the ethical hacker/white hat in the same frame of mind as a black hat, because in order to catch a thief one has to think the way he/she thinks; only then can we trap him/her. HoneyPot is a software package that comes in very handy when intrusion detection or malware analysis is under discussion. Let's see what it is all about.

What is the HoneyPot?

We can divide "HoneyPot" into two words, "Honey" and "Pot". Let's see how honey and a pot are related to intrusion detection and malware analysis... lol. You must have heard that bears are attracted to honey; suppose that honey is kept in a pot. In the same way, the honeypot here is there to attract blackhats (attackers). This honeypot does not contain honey... lol, but consists of one or more computers that appear to be part of a network but are actually isolated and protected. When multiple honeypots are used, it is called a Honeynet. They are configured in such a way that they lure attackers. When attackers enter this virtual network and make mistakes, they can be traced back. The ethical hacker should ensure that the attacker cannot exploit the honeypot to enter the internal network, and should keep him/her engaged in that virtual network only.

Honeypot Intrusion & Detection

How to install a HoneyPot?

There are many software packages available under this name, but here we will discuss Honeybot and Kfsensor.

Step 1. First download Honeybot and install it on your box.

Step 2. Now open it, click on the Start button and wait for all the sockets to load (see at the bottom).

Step 3. Having done that, click on option and configure it to your convenience or as shown below.

Step 4. You can use the View option to set a few more settings. Now Honeybot is configured; just minimize it to the system tray.

Step 5. Once a few results start appearing, you can right-click on a particular result to see the details or even do a reverse DNS lookup, as shown below.

There is another software package, Kfsensor, which is shareware, but a trial version is available. You need to install the latest version of WinPcap before you install this package. I would prefer using Kfsensor compared to Honeybot as it has more detailed evaluation options.

One can also view the ports accessed by the attacker as shown below by selecting the view port option.
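What a low-interaction honeypot of this kind does underneath (open listening sockets, record who connects, summarise the ports touched per source) can be sketched as follows. This is an added example, not code from Honeybot or Kfsensor; the names `MiniHoneypot` and `ports_by_source` are hypothetical, and it binds to loopback on OS-chosen ports so it can be tried safely.

```python
import socket, threading, time
from collections import defaultdict

MAX_CAPTURE = 256  # keep at most this many bytes of a client's first message

class MiniHoneypot:
    """Low-interaction listener: accepts, records, never replies or executes."""

    def __init__(self, host="127.0.0.1", ports=(0, 0)):  # port 0: OS picks one
        self.events, self.ports = [], []
        self._lock = threading.Lock()
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.bind((host, port))
            srv.listen(5)
            self.ports.append(srv.getsockname()[1])
            threading.Thread(target=self._serve, args=(srv, self.ports[-1]),
                             daemon=True).start()

    def _serve(self, srv, dst_port):
        while True:
            conn, (ip, sport) = srv.accept()
            with conn:
                conn.settimeout(1.0)  # a silent client must not stall the listener
                try:
                    data = conn.recv(MAX_CAPTURE)
                except OSError:       # timeout or reset: still record the connect
                    data = b""
            with self._lock:
                self.events.append({"time": time.time(), "src_ip": ip,
                                    "src_port": sport, "dst_port": dst_port,
                                    "data": data})

def ports_by_source(events):
    """Which honeypot ports each source address touched."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src_ip"]].add(e["dst_port"])
    return {ip: sorted(ports) for ip, ports in seen.items()}

if __name__ == "__main__":
    hp = MiniHoneypot()               # loopback only, two OS-chosen ports
    for p in hp.ports:                # constructed test traffic from this host
        socket.create_connection(("127.0.0.1", p)).close()
    time.sleep(0.5)                   # give the listener threads time to record
    print(ports_by_source(hp.events))
```

Because the listener only reads and stores the first bytes and never answers, nothing a client sends is interpreted; any real deployment should still sit on an isolated host, as the article stresses.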

HoneyPot can surely be used for intrusion detection and malware analysis to secure the system from future attacks, but even then I would repeat the line which is one of the favourites among the hacker community: "still then it can be hacked". Yeah, there are methods by which the presence of a honeypot can be detected, and by that one can avoid the trap set for him/her. Research is still ongoing in this field, and I hope some advanced features will come up.