Linux Format

A taste of HoneyPi

Entice would-be hackers with a delicious honeypot of fake data …


The honeypot is a traditional staple of Cold War era spy novels, whereby a socially awkward civil servant is seduced by a Russian femme fatale, then blackmailed into giving up precious state secrets.

In the Information Age, secret data is no longer only at the mercy of balding government agents, but is stored on computers. Network administrators can reduce the risk of a breach through a combination of software updates, traffic monitoring, state-of-the-art routers and firewalls, but this may not put off a determined hacker.

What if there were a way, however, to convince a hacker that they had logged into your server when they actually were connected to a decoy machine? In this guide, we’ll explore how to set up and install the honeypot software Kippo on your Raspberry Pi to do just that.

The basic premise is that once the software is up and running, you can configure port 22 on your router to forward automatically to port 2222 on the Raspberry Pi. A hacker will access only the file system created by Kippo (designed to resemble a Debian Server). Any changes they make will be logged so you can view them later. Most importantly, none of the other devices on your network will be compromised.

Scores on the doors

Follow the steps in the guide (below right) to get started with Kippo. For security reasons, you should have a dedicated Raspberry Pi for this project, with a clean install of the latest version of Raspbian. You’ll also need to be comfortable with forwarding ports on your router. The steps to do this vary from router to router, but you can visit www.portforward.com to find instructions for the most common models.

Once Kippo has been running for a while, you can display the logs any time by running cat /home/pi/kippo/log/kippo.log. Bear in mind that this will display a huge amount of data as time goes on, however.
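As an added example (not part of the original article or of Kippo itself), a short Python script can summarise the log rather than dumping all of it with cat. The line patterns are an assumption about Kippo's Twisted-style log output, and the sample lines are constructed using documentation-range IP addresses.

```python
import re
import sys
from collections import Counter

# Assumed Kippo log line shapes; adjust the patterns if your version logs differently.
LOGIN_RE = re.compile(
    r"HoneyPotTransport,\d+,(?P<ip>[\d.]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<pw>.*)\] (?P<result>succeeded|failed)$"
)
CMD_RE = re.compile(r"HoneyPotTransport,\d+,(?P<ip>[\d.]+)\] CMD: (?P<cmd>.*)$")

# Constructed sample lines, used when no log path is given.
SAMPLE_LOG = """\
2017-03-01 10:00:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.7:40112 (192.168.1.50:2222) [session: 0]
2017-03-01 10:00:03+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/admin] failed
2017-03-01 10:00:05+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/123456] succeeded
2017-03-01 10:00:09+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,0,203.0.113.7] CMD: uname -a
2017-03-01 10:02:11+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [pi/raspberry] failed
2017-03-01 10:02:13+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [root/admin] failed
"""

def summarise(lines):
    # Count login attempts per IP and per credential pair; collect commands in order.
    attempts, creds, successes, commands = Counter(), Counter(), Counter(), []
    for line in lines:
        line = line.rstrip("\n")
        m = LOGIN_RE.search(line)
        if m:
            attempts[m["ip"]] += 1
            creds[(m["user"], m["pw"])] += 1
            if m["result"] == "succeeded":
                successes[m["ip"]] += 1
            continue
        m = CMD_RE.search(line)
        if m:
            commands.append((m["ip"], m["cmd"]))
    return {"attempts": attempts, "creds": creds, "successes": successes, "commands": commands}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /home/pi/kippo/log/kippo.log
        with open(sys.argv[1], errors="replace") as fh:
            report = summarise(fh)
    else:
        report = summarise(SAMPLE_LOG.splitlines())
    # Passwords and commands are attacker-supplied: repr() keeps control characters inert.
    for (user, pw), n in report["creds"].most_common(10):
        print(f"{n:5d}  {user!r} / {pw!r}")
    for ip, cmd in report["commands"]:
        print(f"{ip}  ran {cmd!r}")
```
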

By way of an alternative, consider installing kippo-graph instead onto your Pi (see Install Kippo-Graph, below). Once the install is complete, visit http://ipaddressofyourpi/kippo-graph to view any logged data. The Kippo-Graph tab will display the overall Honeypot activity such as the total number of login attempts and passwords used. Click Kippo Input to list which commands have been run. Selecting Kippo Play-Log will play a video in browser of all logins and commands run. Use the Kippo-Geo option to list incoming connections by country. From here you can trace the IP address of various connection attempts and even display the top 10 IP addresses on an interactive map.

Honey, I blew up the Pi

We can’t emphasise strongly enough that this project is not for novices. If you aren’t comfortable with managing routers, servers and firewalls, there’s a real risk that in your attempts to set up a honeypot, you could make your network more vulnerable to attacks.

To give you an overview of malicious behaviour, click the Geo tab in KippoGraph to bring up a list of probing attempts on a country-by-country basis.
