- Honeyd
Honeyd is an open source computer program that allows a user to set up and run multiple
virtual host s on acomputer network . These virtual hosts can be configured to mimic several different types of servers, allowing the user to simulate an infinite number of computer network configurations. Honeyd is primarily used in the field ofcomputer security by professionals and hobbyists alike, and is included as part of Knoppix Security Tools Distribution.Primary Applications
Distraction
Honeyd is used primarily for two purposes. Using the software's ability to mimic many different network hosts at once (up to 65536 hosts at once), Honeyd can act as a distraction to potential hackers. If a network only has 3 real servers, but one server is running Honeyd, the network will appear running hundreds of servers to a hacker. The hacker will then have to do more research (possibly through social engineering) in order to determine which servers are real, or the hacker may get caught in a honeypot. Either way, the hacker will be slowed down or possibly caught.
Honeypot
Honeyd gets its name for its ability to be used as a honeypot. On a network, all normal traffic should be to and from valid servers only. Thus, a network administrator running Honeyd can monitor his/her logs to see if there is any traffic going to the virtual hosts set up by Honeyd. Any traffic going to these virtual servers can be considered highly suspicious. The network administrator can then take preventative action, perhaps by blocking the suspicious
IP address or by further monitoring the network for suspicious traffic.External links
* [http://www.honeyd.org/ Official Website]
Wikimedia Foundation. 2010.
