Embed Size (px)
Citation preview
HOW TO SET UP HONEYBOT
IN WINDOWS
Arnab Kumar Saha
Cybersecurityspace.com
How to Set up HoneyBOT in Windows:
1 ABOUT HONEYBOT
HoneyBOT is a medium interaction honeypot for windows. A honeypot creates a safe environment to
capture and interact with unsolicited and often malicious traffic on a network. HoneyBOT is an easy to
use solution ideal for network security research or as part of an early warning IDS. The logging capability
of a honeypot is far greater than any other network security tool and captures raw packet level data
even including the keystrokes and mistakes made by hackers. The captured information is highly
valuable as it contains only malicious traffic with little to no false positives. Honeypots are becoming one
of the leading security tools used to monitor the latest tricks and exploits of hackers by recording their
every move so that the security community can more quickly respond to new exploits.
2 HOW HONEYBOT WORKS
HoneyBOT works by opening a range of listening sockets on your computer which are designed to mimic
vulnerable services. When an attacker connects to these services they are fooled into thinking they are
attacking a real server. The honeypot safely captures all communications with the attacker and logs
these results for future analysis. Should an attacker attempt an exploit or upload a rootkit or trojan to
the server the honeypot environment can safely store these files on your computer for malware
collection and analysis purposes.
3 HOW TO DOWNLOAD
Step1: Go to http://www.atomicsoftwaresolutions.com/ .Atomic software solution is the developer of Honeybot. There are two versions of Honeybot.
1. Professional which is paid 2. Academic which is Free.
Step 2: Go to 2nd one and click on Download Now
4 HOW TO INSTALL HONEYBOT Step 1: Open the Downloaded file.
Step 2: Click next and accept the License agreement.
Step 3: Select the destination Location where you want to install.
Step 4: Select Additional Task suck as Create desktop icon etc. and press next.
Step 5: Click install. Step 6: Finish Installation.
5 SET UP AFTER INSTALLATION Step 1: After Installation it will ask to launch honeybot. Press Yes.
Step 2: Set general settings as per your choice. Capture Binaries sometimes helps you to capture malware and will put in a folder.
Step 3: We can set the email alert to know information quickly.
Step 4: We can export the log files to CSV format or upload it to server. But if someone wants to keep it private they can deselect the upload option.
Step 5: It is recommended to always check for updates. Step 6: It will take some time to update.
Step 7: When multiple network adapters are being detect you can select a particular IP or you can listen all ports.
Step 8: Stop the engine and click on whitelist. It contains the list of IP or ports that user don’t wants to listen. May be it is used in internal network or some other purpose.
Step 9: We can see what particular services honeybot try to emulate by clicking on Service button.We can also configure it.s Step 10: The actual list will look something like this.
Step 11: we can check the log of each and every packet. By just clicking on it.
6 SUMMERY
As we have seen that Honeybot is a very powerful and useful tool to monitor malicious traffic. Not only that, it is useful to trace the hacker also. And the downloading, Installation and setup process is also very easy. We can also use wireshark for detailed information.
