Linux 101: Simple Honeypot using Netcat



Setting up a honeypot with netcat: 


Honeypots are computer environments used as "bait" to detect unauthorized access attempts.

Setting up a directory for our Honeypot:


We change into our directory:


We create the file where the logs will go:


We then set the right access rights for the log file:


Creating a banner:

When the honeypot is accessed, the banner below is displayed.
We put our banner in "/honeypot/banner.txt":


The bash script:

The script runs an infinite loop in the background, waiting for a connection on the port that netcat opens:


>> : append to the end of the file

The standard output (stdout), number "1" in the script, and the error output (stderr), number "2" in the script, are appended to the log file "honeypot.log".
The IP address that netcat outputs is also added to the log file.
The script accepts the port number as the parameter "$1".

Once a user connects to the port, the banner in "banner.txt" is displayed.
We also add the date and time of the connection to the log file.

Executing the bash script:

We make the script executable with the command below:


We start the script with the command below:


When we connect from the host using the below command:


We see the banner, then the connection ends.
We can then check the details of the connection attempt in the log file "honeypot.log".
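
The steps described above (directory, log file, banner, listener loop) collected into one script. This is an added example, not the original post's script; the 600 log mode, the banner text, the `HP_*` variables, the function names and the traditional-netcat `-l -p` syntax are assumptions.

```bash
#!/usr/bin/env bash
# Added example: netcat honeypot loop. Paths follow the article (/honeypot,
# banner.txt, honeypot.log); mode 600, banner text and names are assumptions.
HP_DIR="${HP_DIR:-/honeypot}"
HP_LOG="$HP_DIR/honeypot.log"
HP_BANNER="$HP_DIR/banner.txt"

# Accept only a decimal TCP port in 1..65535 (no leading zero, no shell syntax).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Create the directory, the log (owner read/write only) and a default banner.
setup_honeypot() {
    mkdir -p "$HP_DIR" || return 1
    touch "$HP_LOG" && chmod 600 "$HP_LOG" || return 1
    [ -s "$HP_BANNER" ] || printf 'Unauthorized access is prohibited and logged.\n' > "$HP_BANNER"
}

# Append one timestamped marker line to the log.
log_event() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$HP_LOG"
}

# Serve the banner to one client after another until the script is killed.
run_honeypot() {
    valid_port "$1" || { echo "usage: $0 <port 1-65535>" >&2; return 2; }
    setup_honeypot || return 1
    while true; do
        log_event "listening on port $1"
        # -v makes netcat report the peer address on stderr; 1>> and 2>>
        # append both streams to the log. Traditional netcat syntax is
        # assumed; OpenBSD nc takes "-l PORT" without -p.
        nc -vnlp "$1" < "$HP_BANNER" 1>> "$HP_LOG" 2>> "$HP_LOG" || sleep 1
        log_event "connection closed on port $1"
    done
}

# Start only when a port argument is given, so the file can also be sourced.
if [ "$#" -ge 1 ]; then
    run_honeypot "$1"
fi
```

Because netcat's stdout is appended to the log, anything a client sends ends up in "honeypot.log", so treat the file as untrusted input when viewing or parsing it.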
