jraff1
Posts: 11
Joined: Wed Dec 21, 2011 11:58 pm

Honey Pots Tar Pits

Tue Aug 07, 2012 6:46 pm

This just came to me while reading; :D
http://www.computerworld.com/s/article/ ... ually_work
10 crazy IT security tricks that actually work,

http://www.infoworld.com/d/security-cen ... curity-165
Honeypots - Intrusion detection honeypots simplify network security

http://labrea.sourceforge.net/labrea-info.html
Tarpits - LaBrea: "Sticky" Honeypot and IDS

Using Raspberry Pi and other server-like devices, sprinkle them all over one's network on all entrance ports and access p... and gateways
They are cheap, really cheap, can be programmed to slow down one's attackers and malcontents and report on the activities.

section5
Posts: 3
Joined: Mon Feb 13, 2012 6:32 pm

Re: Honey Pots Tar Pits

Tue Aug 07, 2012 9:48 pm

Great idea, and good reading. I would think the Rpi would be great for this task and, like you said, you could have a large number of them up and running compared to actual servers. You could easily make a net of them for any network.

maverickit
Posts: 3
Joined: Mon Nov 26, 2012 10:55 am

Re: Honey Pots Tar Pits

Mon Nov 26, 2012 11:12 am

Has anyone tried to install dionaea or other honeypots such as kippo on a Raspberry Pi? It could be veeeery cool! ;)

pinkman
Posts: 8
Joined: Sun Jan 13, 2013 5:54 pm

Re: Honey Pots Tar Pits

Mon Feb 18, 2013 2:20 pm

Hi,

I just tried to install honeytrap, which is great honeypot software imho.
Unfortunately it does not run properly on the Raspberry Pi.
At first, after config, errors occur while running make and make install:

Code:

make  all-recursive
make[1]: Entering directory `/home/pi/honeytrap'
Making all in doc
make[2]: Entering directory `/home/pi/honeytrap/doc'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/pi/honeytrap/doc'
Making all in src
make[2]: Entering directory `/home/pi/honeytrap/src'
Making all in modules
make[3]: Entering directory `/home/pi/honeytrap/src/modules'
make[4]: Entering directory `/home/pi/honeytrap/src/modules'
/bin/sh ../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../   -Wall -Werror -g -O2 -Wall -c -o htm_b64Decode.lo htm_b64Decode.c
 gcc -DHAVE_CONFIG_H -I. -I../.. -I../ -Wall -Werror -g -O2 -Wall -c htm_b64Decode.c  -fPIC -DPIC -o .libs/htm_b64Decode.o
htm_b64Decode.c: In function 'decode':
htm_b64Decode.c:99:79: error: array subscript is above array bounds [-Werror=array-bounds]
htm_b64Decode.c:92:9: error: array subscript is above array bounds [-Werror=array-bounds]
cc1: all warnings being treated as errors
make[4]: *** [htm_b64Decode.lo] Error 1
make[4]: Leaving directory `/home/pi/honeytrap/src/modules'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/home/pi/honeytrap/src/modules'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/pi/honeytrap/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/pi/honeytrap'
make: *** [all] Error 2

When making and installing with option "-i" to ignore errors, honeytrap seems to get installed, but after all you cannot run it:

Code:

sudo: honeytrap: command not found

I have no clue about how to fix these errors to get "make" to run correctly.
So I am going to check out dionaea at the next opportunity.

If you have any new information or experience in the meantime, please post it ;-)

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: Honey Pots Tar Pits

Mon Feb 18, 2013 3:37 pm

The guy "Chris Taylor" who wrote the software (?did he?) tried to have honeypot added to the Debian
http://us.generation-nt.com/answer/rfs- ... 96281.html

Also, his request was open for MANY years, cannot find any recent news about him or Honeypot, hope the guy is doing well but his software seems to be dead :?

There are plenty of alternatives, people say; this one is an unstable package:
http://packages.debian.org/sid/tinyhoneypot

And this one is stable, everything, should be easy to install :D (I know it's never easy)
http://packages.debian.org/squeeze/honeyd
Mimi: Where'd you come from?
Doyle: My mom and the authorities are still trying to figure that out.

pinkman
Posts: 8
Joined: Sun Jan 13, 2013 5:54 pm

Re: Honey Pots Tar Pits

Thu Feb 21, 2013 2:52 pm

Yes, honeytrap seems not to be developed actively any more. What a pity! Its features sounded promising to my ears.

I tried dionaea but this one seems a little too inflexible or not well-documented, as it took some brain to install and afterwards I did not find anything. Also, I am missing an option to specify the interface or IP range dionaea should listen to. Maybe I misconfigured, but as said: I did not find a guideline to this. Dionaea runs, but nobody knows what it does.

Thijxx wrote: And this one is stable, everything, should be easy to install :D (I know it's never easy)
http://packages.debian.org/squeeze/honeyd

I agree! honeyd should be easy to install via apt-get. Unfortunately there is no package for the actual version of raspbian. Hence, there is no installation candidate and I have to compile it from source.
I hope to report on this in the near future again.

For now there does not seem to be an easy solution for turning the raspberry pi into a honeypot.

ManiacTwister
Posts: 3
Joined: Wed Nov 28, 2012 11:06 pm

Re: Honey Pots Tar Pits

Tue Feb 26, 2013 1:52 am

I'm running dionaea on my Raspberry Pi and it works fine.
I've also made some dionaea packages for raspbian - a little tutorial on how to use them can be found here: http://maniactwister.de/b/aazlvr (German, I'll translate it very soon)

pinkman wrote: Maybe I misconfigured, but as said: I did not find a guideline to this. Dionaea runs, but nobody knows what it does.

Yea, I agree. Dionaea needs better documentation, but it's a very nice working honeypot.

cheers

craiginb
Posts: 4
Joined: Sun Apr 14, 2013 12:22 am

Re: Honey Pots Tar Pits

Sun Apr 14, 2013 1:03 am

I tried your install but get several errors about libraries and compiler tools.
For instance I get an error about bison and I can't find any information about how to install it for Raspbian.
I also get a message that libcurl4-openssl-dev is not available, but the Debian library list still shows it as the latest build.

ManiacTwister
Posts: 3
Joined: Wed Nov 28, 2012 11:06 pm

Re: Honey Pots Tar Pits

Sun Apr 14, 2013 7:25 am

What does your sources.list look like?

Code:

cat /etc/apt/sources.list

bison is available in my repository and libcurl4-openssl-dev in the official raspbian repo..

craiginb
Posts: 4
Joined: Sun Apr 14, 2013 12:22 am

Re: Honey Pots Tar Pits

Sun Apr 14, 2013 12:15 pm


craiginb
Posts: 4
Joined: Sun Apr 14, 2013 12:22 am

Re: Honey Pots Tar Pits

Sun Apr 14, 2013 12:18 pm

apt-get install libglib2.0-dev libssl-dev libcurl4-openssl-dev libreadline-dev libsqlite3-dev libtool automake autoconf build-essential subversion git-core flex bison pkg-config libnl-3-dev libnl-genl-3-dev libnl-nf-3-dev libnl-route-3-dev liblcfg libemu libev dionaea-python dionaea-cython libpcap udns dionaea

Below is what I get when I execute that command set.
root@raspberrypi:/home/pi# apt-get install libglib2.0-dev libssl-dev libcurl4-openssl-dev libreadline-dev libsqlite3-dev libtool automake autoconf build-essential subversion git-core flex bison pkg-config libnl-3-dev libnl-genl-3-dev libnl-nf-3-dev libnl-route-3-dev liblcfg libemu libev dionaea-python dionaea-cython libpcap udns dionaea
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package autoconf is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package libtool is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package flex is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package bison is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package libglib2.0-dev is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
libglib2.0-0

E: Package 'libglib2.0-dev' has no installation candidate
E: Unable to locate package libssl-dev
E: Unable to locate package libcurl4-openssl-dev
E: Unable to locate package libreadline-dev
E: Unable to locate package libsqlite3-dev
E: Package 'libtool' has no installation candidate
E: Unable to locate package automake
E: Package 'autoconf' has no installation candidate
E: Unable to locate package subversion
E: Unable to locate package git-core
E: Package 'flex' has no installation candidate
E: Package 'bison' has no installation candidate
E: Unable to locate package libnl-3-dev
E: Unable to locate package libnl-genl-3-dev
E: Unable to locate package libnl-nf-3-dev
E: Unable to locate package libnl-route-3-dev
Last edited by craiginb on Sun Apr 14, 2013 12:34 pm, edited 1 time in total.

ManiacTwister
Posts: 3
Joined: Wed Nov 28, 2012 11:06 pm

Re: Honey Pots Tar Pits

Sun Apr 14, 2013 12:32 pm

The raspbian repository isn't in your sources list. Please add this line to your sources.list:

Code:

# The ">>" redirect is done by the calling shell, not by sudo, so append via "sudo tee -a".
echo "deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi" | sudo tee -a /etc/apt/sources.list

and run:

Code:

apt-get update

Afterwards try the apt-get install .... command again. If it doesn't work, please post the full output of the command here.

craiginb
Posts: 4
Joined: Sun Apr 14, 2013 12:22 am

Re: Honey Pots Tar Pits

Sun Apr 14, 2013 1:10 pm

Excellent!

pspears
Posts: 1
Joined: Wed Aug 14, 2013 5:13 pm

Re: Honey Pots Tar Pits

Wed Aug 14, 2013 5:16 pm

Has anyone tried Tiny Honeypot on the Raspberry? It would be a more general honeypot. I can see these sprinkled throughout the network all logging back to a central syslog or even SIEM.

Also I found Honeeepi which seems promising but not yet released.
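
Added example (not part of any post in this thread, and not code from LaBrea, Tiny Honeypot or any other project named here): a small application-layer tarpit of the kind the thread describes, which holds each inbound connection open with a slow drip of junk lines and reports one JSON event per connection to a central syslog collector. The collector address 192.0.2.10, listen port 2222, logger name and event field names are all assumptions made for the example; LaBrea itself works at the TCP level, which this does not attempt.

```python
import asyncio, json, logging, logging.handlers, random, time

def central_logger(host="192.0.2.10", port=514):
    """Ship events over UDP syslog. The host is a placeholder (TEST-NET-1)."""
    lg = logging.getLogger("pi-tarpit")
    lg.setLevel(logging.INFO)
    lg.addHandler(logging.handlers.SysLogHandler(address=(host, port)))
    return lg

def make_handler(report, delay=10.0, max_hold=600.0):
    """Return a connection handler that drip-feeds junk and reports once."""
    async def handle(reader, writer):
        src = writer.get_extra_info("peername")
        dst = writer.get_extra_info("sockname")
        start, sent = time.monotonic(), 0
        try:
            # Hold the client: one short junk line every `delay` seconds.
            while time.monotonic() - start < max_hold:
                line = b"%x\r\n" % random.getrandbits(32)
                writer.write(line)
                await writer.drain()
                sent += len(line)
                await asyncio.sleep(delay)
        except (ConnectionError, OSError):
            pass  # client gave up first; the event is still reported below
        finally:
            writer.close()
            report(json.dumps({
                "event": "tarpit_connection", "ts": int(time.time()),
                "src_ip": src[0], "src_port": src[1], "dst_port": dst[1],
                "held_s": round(time.monotonic() - start, 2),
                "bytes_sent": sent}, sort_keys=True))
    return handle

async def serve(port, report, host="0.0.0.0", **kw):
    """Start the tarpit listener and return the asyncio server object."""
    return await asyncio.start_server(make_handler(report, **kw), host, port)

async def main():
    # Port 2222 is an arbitrary unprivileged choice for this example.
    server = await serve(2222, central_logger().info)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```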
