Chapter 4. Honeyd — The Basics

4.1 Overview

4.2 Design Overview

4.3 Receiving Network Data

4.4 Runtime Flags

4.5 Configuration

4.6 Experiments with Honeyd

4.7 Services

4.8 Logging

4.9 Summary

Honeyd is a framework to instrument thousands of Internet addresses with virtual honeypots and corresponding network services. Usually, we configure Honeyd to instrument unallocated IP addresses on an existing network. For each IP address, we can tell Honeyd how we want the simulated computer to behave. For example, we could set up a virtual web server that seems to run Linux and listens on port 80. On another IP address, we could create a virtual honeypot whose network stack looks like Windows and on which all TCP ports seem to be running services. This ...
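
A Honeyd configuration for the two virtual honeypots described above, as an added example that is not taken from the book. The addresses (from the 192.0.2.0/24 documentation range), the template names, the script path and the personality strings are assumptions; each personality must match an entry in the Nmap fingerprint file that Honeyd loads.

```conf
# Constructed example: two virtual honeypots on unallocated addresses.

# Virtual web server that appears to run Linux.
create linuxweb
# Assumed personality name; it must exist in the loaded Nmap fingerprint file.
set linuxweb personality "Linux 2.4.20"
# Closed ports answer with a TCP RST, as a normal host would.
set linuxweb default tcp action reset
# Port 80 is handled by a service script (hypothetical path).
add linuxweb tcp port 80 "sh scripts/web.sh"
bind 192.0.2.10 linuxweb

# Host whose network stack looks like Windows and on which
# every TCP port appears to be running a service.
create winopen
# Assumed personality name; same requirement as above.
set winopen personality "Microsoft Windows XP Professional SP1"
# Default action "open" completes the handshake on any TCP port.
set winopen default tcp action open
bind 192.0.2.11 winopen
```

Because nothing legitimate is assigned to these addresses, any connection that reaches either template is worth logging and reviewing.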

Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with O’Reilly online learning.
