Once you have it all set up, secured, tested and running don't forget to share the data with us, especially if you install Kippo įrom my observations, don't expect a massive amount of interaction with your home honeypot, but you will see plenty of scanning activity. Other than who doesn't like to sifted through packet captures during downtime, there are times capturing the full stream provides insights and additional options (like running it through your IDS of choice) on the connections being made to you.
As additional step, I like to install tcpdump and plug in a Linux formatted 4Gb USB drive in to the Pi and then do full packet capture of any traffic that is directed to the Pi's interface to the USB drive.
#Install tcpdump raspian how to
Again, guides on how to set these up litter the intertubes, so take your pick. These are plenty of install guides to install the OS (I like using Raspbian), secure it then, drop your pick, or mix, of honeypot such as Kippo, Glastopf or Dionaea on it. The Raspberry Pi is a credit-card sized computer, which can be hidden away out of sight easily, has a very low power consumption and is silent but works very well for a home honeypot. There's plenty of ways to set up a honeypot, but a inexpensive way is to set up one up at home is with a Raspberry Pi. If you have an always on internet connection, having a honeypot listening to what is being sent your way is never bad idea. In this Diary I'm going to highlight a fairly simple and cost effective way of rolling those together.
In numerous previous Diaries, my fellow Internet Storm Center Handlers have talk on honeypots, the values of full packet capture and value of sharing any attack data.
0 kommentar(er)
