A taste of HoneyPi
Entice would-be hackers with a delicious honeypot of fake data …
The honeypot is a traditional staple of Cold War era spy novels, whereby a socially awkward civil servant is seduced by a Russian femme fatale, then blackmailed into giving up precious state secrets.
In the Information Age, secret data is no longer only at the mercy of balding government agents, but is stored on computers. Network administrators can reduce the risk of a breach through a combination of software updates, monitoring traffic, state-of-the-art routers and firewalls, but this may not put off a determined hacker.
What if there were a way, however, to convince a hacker that they had logged into your server when they were actually connected to a decoy machine? In this guide, we’ll explore how to set up and install the honeypot software Kippo on your Raspberry Pi to do just that.
The basic premise is that once the software is up and running, you can configure port 22 on your router to forward automatically to port 2222 on the Raspberry Pi. A hacker will access only the file system created by Kippo (designed to resemble a Debian server). Any changes they make will be logged so you can view them later. Most importantly, none of the other devices on your network will be compromised.
Scores on the doors
Follow the steps in the guide (below right) to get started with Kippo. For security reasons, you should have a dedicated Raspberry Pi for this project, with a clean install of the latest version of Raspbian. You’ll also need to be comfortable with forwarding ports on your router. The steps to do this vary from router to router, but you can visit www.portforward.com to find instructions for the most common models.
Once Kippo has been running for a while, you can display the logs at any time by running cat /home/pi/kippo/log/kippo.log. Bear in mind, however, that this will display a huge amount of data as time goes on.
As an alternative, consider installing Kippo-Graph on your Pi (see Install Kippo-Graph, below). Once the install is complete, visit http://ipaddressofyourpi/kippo-graph to view any logged data. The Kippo-Graph tab will display the overall honeypot activity, such as the total number of login attempts and the passwords used. Click Kippo Input to list which commands have been run. Selecting Kippo Play-Log will play a video in the browser of all logins and commands run. Use the Kippo-Geo option to list incoming connections by country. From here you can trace the IP address of various connection attempts and even display the top 10 IP addresses on an interactive map.
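The same headline figures (login attempts, passwords tried, source addresses, commands run) can also be pulled straight from kippo.log without paging through it. The script below is an added example, not part of the original guide or of Kippo; the log line shape it parses and the sample lines are assumptions, so check them against your own log. It replaces non-printable characters before display, because the passwords and commands in the log are supplied by whoever connected.

```python
import re
from collections import Counter

# Assumed line shape (Twisted-style log lines):
#   <date> <time> [<component>,<session>,<source ip>] <message>
LINE = re.compile(r"^\S+ \S+ \[[^\]]*,\d+,(?P<ip>[0-9A-Fa-f.:]+)\] (?P<msg>.*)$")
LOGIN = re.compile(r"^login attempt \[(?P<user>[^/]*)/(?P<pw>.*)\] (?P<result>succeeded|failed)$")

def clean(text):
    """Replace non-printable characters so logged input cannot drive the terminal."""
    return "".join(c if c.isprintable() else "?" for c in text)

def summarise(lines):
    """Count login attempts, passwords, source IPs and commands in Kippo log lines."""
    stats = {"attempts": 0, "succeeded": 0, "passwords": Counter(),
             "sources": Counter(), "commands": []}
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # start-up messages, tracebacks, lines without a source IP
        ip, msg = m.group("ip"), m.group("msg")
        login = LOGIN.match(msg)
        if login:
            stats["attempts"] += 1
            if login.group("result") == "succeeded":
                stats["succeeded"] += 1
            stats["passwords"][clean(login.group("pw"))] += 1
            stats["sources"][ip] += 1
        elif msg.startswith("CMD: "):
            stats["commands"].append((ip, clean(msg[5:])))
    return stats

# Constructed sample lines using documentation IP ranges, not real captures.
SAMPLE = [
    "2016-03-01 10:15:20+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 192.0.2.10:51234 (10.0.0.5:2222) [session: 0]",
    "2016-03-01 10:15:22+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [root/123456] failed",
    "2016-03-01 10:15:23+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/123456] failed",
    "2016-03-01 10:15:25+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [admin/\x1b[2Jadmin] failed",
    "2016-03-01 10:15:30+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [root/123456] succeeded",
    "2016-03-01 10:15:40+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,0,192.0.2.10] CMD: uname -a",
]

if __name__ == "__main__":
    # On the Pi: summarise(open("/home/pi/kippo/log/kippo.log", errors="replace"))
    s = summarise(SAMPLE)
    print("attempts:", s["attempts"], "succeeded:", s["succeeded"])
    print("top passwords:", s["passwords"].most_common(10))
    print("top sources:", s["sources"].most_common(10))
    for ip, cmd in s["commands"]:
        print(ip, "ran", cmd)
```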
Honey, I blew up the Pi
We can’t emphasise strongly enough that this project is not for novices. If you aren’t comfortable with managing routers, servers and firewalls, there’s a real risk that in your attempts to set up a honeypot, you could make your network more vulnerable to attacks.