Honeypot

Post on 08-Apr-2017


Transcript of Honeypot

Honeypot

By,

101015275_Chandrak Trivedi
101014369_Parbodh Verma

HONEYPOT - Chandrak & Parbodh 2

Learning Objective

• What is Honeypot?

• Understand principles of Honeypot

• Explain Honeypot Infrastructure

• Understand various types of Honeypots

• Demonstration of attacks on Honeypot


What is Honeypot?

• Decoy Server

• Gathering Information

• Additional level of security

• Can be inside, outside or DMZ zones of firewall

• Resemble a real system


Principles of Honeypot

• Principle 1: Do not fake

• Principle 2: Segregation of duties

• Principle 3: Smart deployment


Honeypot Infrastructure

[Diagram labels: Internet, Attacker, Honeypot, Honeypot Network, Internal Network, Database (logs), SIEM, SOC]


Honeypot Types

• HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts.

• wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot

• wordpot - A WordPress Honeypot

• RDPy - A Microsoft Remote Desktop Protocol (RDP) honeypot in python

• Honeyprint - Printer honeypot

• Mailoney - SMTP honeypot, Open Relay, Cred Harvester written in python.

• Many more…


Demonstration

Attacker: Kali Linux (Hydra and Payload)

Honeypot: Ubuntu

• Glastopf - Web Application Honeypot

• Phpmyadmin_honeypot - A simple and effective phpMyAdmin honeypot


Brute Force Attack


DoS Attack


Other types of Attacks

• Command Injection Attack

• Local File Inclusion Attack

• Remote File Inclusion Attack

• SQL injection Attack
