Honeypot and forEnsic Analysis Tool
Encyclopedia
Honeypot and forEnsic Analysis Tool or HEAT in short is a Live CD based on KNOPPIX S-T-D distro and Tiny Honeypot by George Bakos. This tool is primarily a honeypot for monitoring networks for unauthorized intrusions on information systems. It also doubles up as a forensic tool to perform analysis on the captured data. This tool is licensed under GNU GPL.

The tool is a complete environment for testing networks and using the results to perform forensic analysis of the data. This environment provides a solid platform for development, and vulnerability research. The majority of the tool is composed of components written in Shell code and Perl

This project was done by Vijay Vikram Shreenivos as a part of his final term project dissertation at James Cook University
James Cook University
James Cook University is a public university based in Townsville, Queensland, Australia. The university has two Australian campuses, located in Townsville and Cairns respectively, and an international campus in Singapore. JCU is the second oldest university in Queensland—proclaimed in 1970—and the...

Singapore.

System requirements

The system requirements for deploying HEAT are minimal as the entire distribution runs off a Live CD.
The hardware requirements are as follows
  1. Pentium 150 MHz or superior
  2. Hard disk IDE or SCSI (minimal size 512MB)
  3. Minimal 64MB RAM
  4. 1 CDROM Drive
  5. 1 NIC


Anything more is a bonus for running the tool.

Installation

Installation of HEAT is available in three formats
  1. Live CD
  2. VMWare Image
  3. Tarball


The Live CD boots the machine to desktop and users can run the install.sh program of the HEAT tool available in the /usr/bin folder. This will create the nescessary directories for capturing information. A user can add the services details in the /etc/inetd.conf and /etc/services to start the Honeypot program to emulate services. A configuration file is generated for users to make changes accordingly like choosing which interface is listening to the data, logging of packet data and available services for emulating.

FTP server

  1. Version wu-2.6.0(1)
  2. BSDI Version 7.00LS)
  3. PFTP 0.13
  4. FTPd Server
  5. Microsoft FTP Service (Version 4.0 /5.0)

SMTP Service

  1. Sendmail 8.9.3/8.9.3/Debian
  2. Microsoft Exchange Mail Service


Shell access

SSH ver 1 and 2

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK