All Sites

» An Evening with Berferd

A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992.

http://all.net/books/berferd/berferd.html

» Anton Chuvakin Honeynet

Live honeynet status data, papers produced as a result of research, and other related resources.

http://www.chuvakin.com/honeynet/

» Basted

A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites.

http://basted.sourceforge.net/

» Building a GenII Honeynet Gateway

A short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips.

http://www.honeynet.org.es/papers/honeywall/

» Deception ToolKit (DTK)

A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.

http://all.net/dtk/index.html

» Deploying and Using Sinkholes

Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot. [PDF]

http://www.arbornetworks.com/dmdocuments/Sinkhole_Tutorial_June03.pdf

» Glastopf Honeypot Project Page

Glastopf is a small Python webserver which emulates thousands of web application vulnerabilities.

http://glastopf.org/

» Google Hack Honeypot (GHH)

Emulates a vulnerable web application by allowing itself to be indexed by search engines. Project information and free download.

http://sourceforge.net/projects/ghh/

» HoneyBOT

A free windows based medium interaction honeypot solution.

http://www.atomicsoftwaresolutions.com/honeybot.php

» HoneyNet Project

A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned.

http://project.honeynet.org/

» HoneySink: Beta Release | The Honeynet Project

HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

http://www.honeynet.org/node/773

» Honeybee

A tool for semi-automatically creating emulators of network server applications.

http://www.thomas-apel.de/honeybee/

» Honeyblog

A weblog about with IT-security, honeypots, and honeynets.

http://honeyblog.org/

» Honeycomb

A system for automated generation of signatures for network intrusion detection systems (NIDSs).

http://www.icir.org/christian/honeycomb/

» Honeyd

Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris.

http://www.citi.umich.edu/u/provos/honeyd/

» Honeyd Control Center

Honeyd configuration wizard, a SQL Interface, and reports.

http://old.zope.org/Members/Ioan/HoneydCenter/

» Honeynet.BR

Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A Perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot.

http://www.honeynet.org.br/

» Honeypot (computing) - Wikipedia

Brief encyclopedia article describing Honeypots.

http://en.wikipedia.org/wiki/Honeypot_(computing)

» Honeypots

Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues.

http://www.honeypots.net/

» Honeypots: Monitoring and Forensics Project

Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics.

http://honeypots.sourceforge.net/

» Honeypots: Tracking Hackers

White papers, mailing list and other resources related to honeypots.

http://www.tracking-hackers.com/

» Honeypotting: The Complete Documentation

Index of over 75 papers on Honeypots.

http://l0t3k.org/security/docs/honeypotting/en/

» Honeywall CDROM

A honeynet gateway on a bootable CDROM.

http://www.honeynet.org/project/HoneywallCDROM

» Impost

Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments (pre-release version available).

http://impost.sourceforge.net/

» KeyFocus - KF Sensor - Honey pot IDS

A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans.

http://www.keyfocus.net/kfsensor/

» Know Your Enemy: GenII Honeynets

An Introduction to second generation honeynets (honeywalls).

http://www.honeynet.org/papers/gen2/

» LaBrea Tarpit

A program that creates a tarpit or, as some have called it, a "sticky honeypot".

http://labrea.sourceforge.net/

» Medium Interaction Honeypots

Document outlines the weaknesses of different existing approaches to catch malware – especially bots – and shows how Medium Interaction Honeypots solves these problems. [pdf]

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.133.9431&rep=rep1&type=pdf

» MicroSolved, Inc.

Seller of HoneyPoint family of products.

http://microsolved.com/

» Nepenthes

A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms.

http://www.mwcollect.org/

» NoAH

European Network of Affiliated Honeypots.

http://www.fp6-noah.org/

» Norwegian Honeynet Project

Aninternational, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public.

http://www.honeynor.no/

» Open Proxy Honeypot

Web Application Security Consortium Distributed Open Proxy Honeypot Project.

http://www.webappsec.org/projects/honeypots/

» Project Honey Pot: Distributed Spam Harvester Tracking Network

A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites.

http://www.projecthoneypot.org/

» SCADA HoneyNet Project

SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).

http://scadahoneynet.sourceforge.net/

» SecurityFocus: Defeating Honeypots: System Issues, Part 1

This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.

http://www.securityfocus.com/infocus/1826

» SourceForge.net: Project - HoneyView

A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.

http://sourceforge.net/projects/honeyview

» Spampoison

Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots.

http://www.spampoison.com/

» Spanish Honeynet Project

Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies.

http://www.honeynet.org.es/

» Sysenter Honeynet Project

A volunteer no-profit research organization. Aim is to provide information about emerging security threats and vulnerabilities active in the wild in order to learn tools, tactics, and motives of the blackhat community and to share such information with IT community in order to improve the security of the Internet.

http://www.sysenter-honeynet.org/

» Talisker Security Wizardry: Honeypots

Describes different commercial and freeware honeypots.

http://www.securitywizardry.com/honeypots.htm

» The Bait and Switch Honeypot System

A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data.

http://baitnswitch.sourceforge.net/

» The Honeypot Project

Watch captured hacks, IP details, How they hacked the honeypot, network owners responses.

http://honeypot.jayscott.co.uk/

» The Strider HoneyMonkey Project

Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.

http://research.microsoft.com/HoneyMonkey/

» The Team Cymru Darknet Project

A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics.

http://www.cymru.com/Darknet/

» Thug low-interaction honeyclient

A Python low-interaction honeyclient aimed at mimicing the behavior of a web browser in order to detect and emulate malicious contents

http://buffer.github.com/thug/

» Tiny Honeypot (thp)

A simple honey pot program based on iptables redirects and an xinetd listener.

http://freshmeat.net/projects/thp/

» UK Honeynet Project

Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, tool to analyse Honeywall pcap files and extract summary information.

http://www.ukhoneynet.org/

» WebMaven (Buggy Bank)

WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot.

http://www.mavensecurity.com/webmaven

» Wikipedia: Client Honeypot

Encyclopedia article about the security devices, including several examples.

http://en.wikipedia.org/wiki/Client_honeypot

» fakeAP

Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables.

http://www.blackalchemy.to/project/fakeap/

» kippo - SSH Honeypot - Google Project Hosting

A medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

http://code.google.com/p/kippo/

» spank

A collection of programs to deploy, run and analyse network and host simulations in IP networks.

http://spank.sourceforge.net/

» Know your Enemy: Phishing

This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. (May 16, 2005)

http://www.honeynet.org/papers/phishing/

» Know Your Enemy

A series of white papers describing the concepts and technology of the Honeynet Project and Research Alliance and sharing lessons learned. (May 09, 2005)

http://www.honeynet.org/papers/

» Honeynet.org: Tracking Botnets

Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them. (March 05, 2005)

http://www.honeynet.org/papers/bots/

» SecurityFocus: Defeating Honeypots - Network issues, Part 1

Article discussing methods hackers use to detect honeypots. (September 28, 2004)

http://www.securityfocus.com/infocus/1803

» SecurityFocus: Wireless Honeypots

Article discussing the use of honeypot technology to combat attacks on wireless networks. (February 13, 2004)

http://www.securityfocus.com/infocus/1761

» SecurityFocus: Problems and Challenges with Honeypots

Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker. (January 14, 2004)

http://www.securityfocus.com/infocus/1757

» Securityfocus: Fighting Spammers With Honeypots

This paper evaluates the usefulness of using honeypots to fight spammers. (November 26, 2003)

http://www.securityfocus.com/infocus/1747

» SecurityFocus: Fighting Internet Worms With Honeypots

This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks. (October 23, 2003)

http://www.securityfocus.com/infocus/1740

» SecurityFocus: Dynamic Honeypots

Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network. (September 15, 2003)

http://www.securityfocus.com/infocus/1731

» SecurityFocus: Honeypot Farms

This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms. (August 03, 2003)

http://www.securityfocus.com/infocus/1720

» SecurityFocus: Honeytokens -The Other Honeypot

This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network. (July 21, 2003)

http://www.securityfocus.com/infocus/1713

» Honeypotting with VMware

An article about how to use VMware to produce honeypots to catch system intruders. (February 05, 2002)

http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html

» Honeypot + Honeypot = Honeynet

Article discussing the creation of the Honeynet Project. (September 24, 2001)

http://www.eweek.com/c/a/IT-Management/Honeypot-Honeypot-Honeynet/