  |
Project Honey Pot: Distributed Spam Harvester Tracking Network - http://www.projecthoneypot.org/
A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites. |
| |
HoneyNet Project - http://project.honeynet.org/
A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned. |
| |
New Zealand Honeynet project - http://www.nz-honeynet.org
Papers and information on honeypots, especially application layer, e.g. PHP applications, from the New Zealand branch of the Honeynet project (http://www.honeynet.org/). |
| |
NoAH - http://www.fp6-noah.org/
European Network of Affiliated Honeypots. |
| |
Honeynet.org: Tracking Botnets - http://www.honeynet.org/papers/bots/
Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them. |
| |
Nepenthes - http://nepenthes.mwcollect.org/
A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms. |
| |
SecurityFocus: Defeating Honeypots: System Issues, Part 1 - http://www.securityfocus.com/infocus/1826
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer. |
| |
Back Officer Friendly - http://www.nfr.com/resource/backOfficer.php
Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2. |
| |
Honeyd - http://www.citi.umich.edu/u/provos/honeyd/
Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris. |
| |
SecurityFocus: Defeating Honeypots - Network issues, Part 1 - http://www.securityfocus.com/infocus/1803
Article discussing methods hackers use to detect honeypots. |
| |
Honeywall - https://projects.honeynet.org/honeywall
The Honeywall CDROM is a bootable CD that installs onto a hard drive and comes with all the tools and functionality for you to implement data capture, control and analysis. |
| |
MicroSolved, Inc. - http://microsolved.com/
Seller of HoneyPoint family of products. |
| |
Honeywall CDROM - http://www.honeynet.org/tools/cdrom/
A honeynet gateway on a bootable CDROM. |
| |
GHH - The "Google Hack" Honeypot - http://ghh.sourceforge.net/
GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine. |
| |
fakeAP - http://www.blackalchemy.to/project/fakeap/
Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables. |
| |
Honeypots - http://www.honeypots.net/
Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues. |
| |
Honeypots: Tracking Hackers - http://www.tracking-hackers.com/
White papers, mailing list and other resources related to honeypots. |
| |
Honeyblog - http://honeyblog.org/
A weblog about with IT-security, honeypots, and honeynets. |
| |
The Team Cymru Darknet Project - http://www.cymru.com/Darknet/
A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics. |
| |
UK Honeynet Project - http://www.ukhoneynet.org/
Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, tool to analyse Honeywall pcap files and extract summary information. |
| |
Honeynet.BR - http://www.honeynet.org.br/
Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot. |
| |
SecurityFocus: Honeytokens -The Other Honeypot - http://www.securityfocus.com/infocus/1713
This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network. |
| |
An Evening with Berferd - http://all.net/books/berferd/berferd.html
A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992. |
| |
Know Your Enemy: GenII Honeynets - http://www.honeynet.org/papers/gen2/
An Introduction to second generation honeynets (honeywalls). |
| |
Honeycomb - http://www.cl.cam.ac.uk/~cpk25/honeycomb/index.html
A system for automated generation of signatures for network intrusion detection systems (NIDSs). |
| |
Installing a Virtual Honeywall using VMware - http://www.honeynet.org.es/papers/vhwall/
This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments. |
| |
Deception ToolKit (DTK) - http://all.net/dtk/index.html
A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. |
| |
Honeynet Security Console (HSC) - http://www.activeworx.org/
HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs. |
| |
Philippine Honeynet Project, Philippines - http://www.philippinehoneynet.org
Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS. |
| |
Anton Chuvakin Honeynet Reseach and Live Stats - http://www.chuvakin.com/honeynet/
Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources. |
| |
WebMaven (Buggy Bank) - http://www.mavensecurity.com/webmaven
WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot. |
| |
SecurityDocs - Honeypots - http://www.securitydocs.com/Intrusion_Detection/Honeypots
Directory of articles, white papers, and documents on honeypots and other security topics. |
| |
SourceForge.net: Project - HoneyView - http://sourceforge.net/projects/honeyview
A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data. |
| |
Honeyd Control Center - http://zope.org/Members/Ioan/HoneydCenter
Honeyd configuration wizard, a SQL Interface, and reports. |
| |
Talisker Security Wizardry: Honeypots - http://www.securitywizardry.com/honeypots.htm
Describes different commercial and freeware honeypots. |
| |
Honeypots: Monitoring and Forensics Project - http://honeypots.sourceforge.net/
Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics. |
| |
Honeybee - http://www.thomas-apel.de/honeybee/
A tool for semi-automatically creating emulators of network server applications. |
| |
thp - Tiny Honeypot - http://www.alpinista.org/thp/
A simple honey pot program based on iptables redirects and an xinetd listener. |
| |
The Bait and Switch Honeypot System - http://baitnswitch.sourceforge.net/
A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data. |
| |
SécurIT - http://securit.iquebec.com/
LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper) |