Linux 101 : Simple HoneyPot using Netcat

Setting up a honeypot with netcat: 

Honeypots are computer environments used as a "bait" to detect unauthorized access attempts.

Setting up a directory for our Honeypot:

We get in our directory

We create the file where the logs would go:

We then set the right access rights for the log file:

Creating a banner:

When the Honeypot is accessed, the below banner is displayed.
We put our banner in the "/honeypot/banner.txt":

The bash script:

The script that runs an infinite loop in the background waiting for a connection the port netcat opens:

>> : append to the end of the file

The standard output (stdout) - number "1" in the script - and error output (stderr) - number "2" in the script - are appended to the log file "
The IP addrress which netcat  outputs is also added to the logfile.
The script access the port number as a parameter "$1".

Once a user connects to the port, the banner in the "banner.txt" is displayed.
We also add the date and time of the connection to the log file.

Executing the bash script:

We make the script executable using the below command:

We start the script using the below command:

When we connect from the host using the below command:

We see the banner, then the connection ends.
We can then check from log file "honeypot.log" the details of  the connection attempt.


Leave as a comment: