4

Background

I would like to set up a honeypot server on a Windows 7 PC.

  • My system is not part of a network and I don't run a server.
  • I have a Windows 7 desktop PC.
  • It's Home Premium Anytime Upgrade 32-bit OS and 32-bit PC.
  • I don't have a wireless card.
  • I do have a wireless router and it's a D-Link DIR-815.
  • I do use my iPhone as WiFi, and it does not require a wireless card.

Question

Where would I find an exact step-by-step tutorial on how to set up a honeypot, start to finish? Are any free honeypots available?

TildalWave
user31251
  • Please check this [answer](http://security.stackexchange.com/a/10169/10372) to an old question on this forum. From the answer, there exist some [tools](http://www.honeynet.org/project) for creating honeypots and for [logging and monitoring activity](http://www.honeynet.org/gsoc/slots) on honeypots. – Jor-el Sep 26 '13 at 06:36
  • I would recommend you start with honeyd (http://www.honeyd.org/general.php) first. Also the book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection may be helpful for you as well. – Jor-el Sep 26 '13 at 10:56

3 Answers

4

We cannot provide a complete step-by-step tutorial. You will have to figure some things out on your own. If you cannot, then running a honeypot is simply too dangerous because you ARE exposing yourself to a hacker and you need to know what you are doing.

1. Set up a protected environment for the honeypot

This is best done with a second cheap computer/laptop, but this can also be done with a virtual environment. I use VirtualBox: it is free and works very well. Once you get this going, then you have a choice in operating system. Linux really is the best choice here for the number of excellent and free honeypots available as well as the few resources it needs to run, which makes it perfect for cheap hardware or a virtual machine.

2. Choose a honeypot

You need to know what you want to do with your honeypot in order to make a choice here. 99% of them are free and on Linux.

3. Configure your router and firewalls (hardware and software)

This is where you can really hurt yourself if you do not know what you are doing. The honeypot you choose will determine what ports you need to open up and direct to your honeypot. You also need to make sure that traffic from your honeypot does not get directed to anywhere but the outside. No step-by-step tutorials here. You have to know. Get someone who does know to verify your configuration. Even I do that with my firewalls, and I'm a professional.

schroeder
  • Good advice on getting someone else to look at your firewall configuration. It always helps to have another set of eyes look at critical configurations, no matter how many times you've done it. – DKNUCKLES Oct 26 '13 at 14:02
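A way to sanity-check the isolation requirement from step 3 before asking someone to review it, as an added example that is not part of the answer above. It models a firewall policy as first-match rules and checks that the honeypot cannot reach internal hosts; the `Rule` format, the addresses and the two policies are constructed for illustration and do not correspond to any particular router's syntax.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):          # hypothetical rule format, not a real router syntax
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    port: Optional[int]          # destination port, None = any

def decide(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; traffic that matches nothing is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules, honeypot, internal_hosts, exposed_ports,
          probe_ports=(22, 445), outside="203.0.113.7"):
    """Return findings; an empty list means the policy isolates the honeypot."""
    findings = []
    for host in internal_hosts:
        for port in probe_ports:     # honeypot must never reach the LAN
            if decide(rules, honeypot, host, port) == "allow":
                findings.append(f"honeypot can reach internal host {host}:{port}")
        for port in exposed_ports:   # forwarded ports must not land on the LAN
            if decide(rules, outside, host, port) == "allow":
                findings.append(f"outside can reach internal host {host}:{port}")
    for port in exposed_ports:       # forwarded ports must land on the honeypot
        if decide(rules, outside, honeypot, port) != "allow":
            findings.append(f"exposed port {port} does not reach the honeypot")
    return findings

# Constructed sample data: honeypot on its own subnet, one PC on the home LAN.
HONEYPOT, LAN, PC = "192.168.56.10", "192.168.0.0/24", "192.168.0.2"
WEAK = [Rule("allow", "0.0.0.0/0", HONEYPOT + "/32", 22),
        Rule("allow", HONEYPOT + "/32", "0.0.0.0/0", None)]  # "anywhere" includes the LAN
FIXED = [Rule("allow", "0.0.0.0/0", HONEYPOT + "/32", 22),
         Rule("deny", HONEYPOT + "/32", LAN, None),          # block honeypot -> LAN first
         Rule("allow", HONEYPOT + "/32", "0.0.0.0/0", None)]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(policy, HONEYPOT, [PC], [22]))
```

The weak policy fails because its outbound "allow anywhere" rule also covers the home LAN; the fixed policy places an explicit deny ahead of it.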
3

There aren't many tools to set up honeypots on Windows, but if you insist on giving it a try using Windows 7, here are two that I have used in the past:

  1. HoneyBOT (start here, it is a general purpose honeypot that can emulate many services)
  2. Omnivora (a second option, mostly to catch auto propagating malware)

Otherwise, just install VirtualBox and then download HoneyDrive (a virtual appliance with many honeypots preinstalled and mostly preconfigured).

Ion
1

First things first: Using your phone to connect and deploying a honeypot is an inappropriate architecture to deploy a honeypot.

This sounds like you want to run it on your primary Windows host. If that's true, you should really start from the basics, and consider what you're really wanting to find out. E.g., do you want to see how to carry out attacks on already vulnerable services, or do you want to know if someone is attacking your services on Windows 7?

The first case has a lot of better ways to find out. For the second case, what does your Windows FW let through? If you need it open but want to make sure no one is throwing an exploit at it, then you can potentially use a honeypot with a hackable service that matches -- but you'd run them on a different host. Yes, you could run a virtual machine, but your primary host is still exposed at the same time.

Additionally, even if your honeypot, which is emulating the service you're concerned about on your Win7 machine, is hacked, it doesn't mean your Win 7 one is vulnerable, if you've applied patches.

If you want to see what the hackers are doing, great: set up another host and connect it.

wayne