Honeyd
   HOME

TheInfoList



Click Here for Items Related To - Honeyd
OR:
Honeyd on:   [Wikipedia]   [Google]   [Amazon]

Honeyd is an
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
computer program created by Niels Provos that allows a user to set up and run multiple virtual hosts on a computer network. These virtual hosts can be configured to mimic several different types of servers, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field of computer security.


Primary Applications


Distraction

Honeyd is used primarily for two purposes. Using the software's ability to mimic many different network hosts at once (up to 65536 hosts at once), Honeyd can act as a distraction to potential
hackers A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
. If a network only has 3 real servers, but one server is running Honeyd, the network will appear running hundreds of servers to a hacker. The hacker will then have to do more research (possibly through
social engineering Social engineering may refer to: * Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale * Social engineering (security), obtaining confidential information by manipulating and/or ...
) in order to determine which servers are real, or the hacker may get caught in a honeypot. Either way, the hacker will be slowed down or possibly caught.


Honeypot

Honeyd gets its name for its ability to be used as a honeypot. On a network, all normal traffic should be to and from valid servers only. Thus, a network administrator running Honeyd can monitor his/her logs to see if there is any traffic going to the virtual hosts set up by Honeyd. Any traffic going to these virtual servers can be considered highly suspicious. The network administrator can then take preventative action, perhaps by blocking the suspicious IP address or by further monitoring the network for suspicious traffic.


External links

* {{Official website, http://www.honeyd.org/
"Deploying Honeypots with Honeyd"
Computer network security