Simulate a Network of Vulnerable Hosts

Use honeyd to fool would-be attackers into chasing ghosts.

As the saying goes, you will attract more flies with honey than with vinegar. (I’ve never understood that saying; who wants to attract flies, anyway?) A honeypot is used to attract the “flies” of the Internet: script kiddies and hacker wannabes that have nothing better to do with their time than scan for vulnerable hosts and try to attack them. A honeypot does this by pretending to be a server running vulnerable services, but is in fact collecting information about the attackers who think themselves so clever.

Whether you want to simulate one or one thousand vulnerable network hosts, honeyd ( makes the job as simple as editing a configuration file and running a daemon. The honeyd daemon can simulate thousands of hosts simultaneously and will let you configure what operating system each host will appear as when scanned with operating system detection tools like Nmap [Hack #42] . Each system that honeyd simulates will appear to be a fully functioning node on the network. Besides simply creating hosts that respond to pings and traceroutes, honeyd also lets you configure what services each host appears to be running. You can either use simple scripts to emulate a given service or have honeyd act as a proxy and forward requests to another host for servicing.

honeyd has several prerequisites that you’ll need to install before building the daemon itself. These are ...

Get Network Security Hacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.