Honeyd
Encyclopedia
Honeyd is an open source
computer program created by Niels Provos
that allows a user to set up and run multiple virtual hosts on a computer network
. These virtual hosts can be configured to mimic several different types of servers
, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security
by professionals and hobbyists alike, and is included as part of Knoppix Security Tools Distribution
.
. If a network only has 3 real servers, but one server is running Honeyd, the network will appear running hundreds of servers to a hacker. The hacker will then have to do more research (possibly through social engineering
) in order to determine which servers are real, or the hacker may get caught in a honeypot
. Either way, the hacker will be slowed down or possibly caught.
. On a network, all normal traffic should be to and from valid servers only. Thus, a network administrator running Honeyd can monitor his/her logs to see if there is any traffic going to the virtual hosts set up by Honeyd. Any traffic going to these virtual servers can be considered highly suspicious. The network administrator can then take preventative action, perhaps by blocking the suspicious IP address
or by further monitoring the network for suspicious traffic.
Open-source software
Open-source software is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also to distribute the software.Open...
computer program created by Niels Provos
Niels Provos
Niels Provos is a researcher in the areas of secure systems, malware and cryptography. He is currently a Principal Software Engineer at Google. He received his PhD in Computer Science from the University of Michigan....
that allows a user to set up and run multiple virtual hosts on a computer network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
. These virtual hosts can be configured to mimic several different types of servers
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
by professionals and hobbyists alike, and is included as part of Knoppix Security Tools Distribution
Knoppix STD
Knoppix STD is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities,...
.
Distraction
Honeyd is used primarily for two purposes. Using the software's ability to mimic many different network hosts at once (up to 65536 hosts at once), Honeyd can act as a distraction to potential hackersHacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
. If a network only has 3 real servers, but one server is running Honeyd, the network will appear running hundreds of servers to a hacker. The hacker will then have to do more research (possibly through social engineering
Social engineering (security)
Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information...
) in order to determine which servers are real, or the hacker may get caught in a honeypot
Honeypot (computing)
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems...
. Either way, the hacker will be slowed down or possibly caught.
Honeypot
Honeyd gets its name for its ability to be used as a honeypotHoneypot (computing)
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems...
. On a network, all normal traffic should be to and from valid servers only. Thus, a network administrator running Honeyd can monitor his/her logs to see if there is any traffic going to the virtual hosts set up by Honeyd. Any traffic going to these virtual servers can be considered highly suspicious. The network administrator can then take preventative action, perhaps by blocking the suspicious IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
or by further monitoring the network for suspicious traffic.