HONEYPOT
A TRAP FOR HACKERS
BY BHASKARA SAI CHITTURI
CONTENTS
• Introduction
• History
• What is Honeypot
• Why you should use
• How it works
• Classification
• Some famous Honeypots
• Conclusion
INTRO
• Today the internet is growing very fast: the number of websites doubles
every 53 days and the number of internet users is also growing. At the
same time, cyber crime is also growing very fast.
• As in the army, it is essential to know who the enemy is, what kind of
tactics he uses and what he is aiming for. Gathering as much
information as possible is the main goal of a honeypot.
• The honeypot is an exciting new technology with enormous potential for the
security community.
HISTORY
• The idea of the honeypot began in 1991 with two publications, “The
Cuckoo's Egg” and “An Evening with Berferd”.
• The first honeypot, called the “Deceptive Tool Kit”, was released in 1997.
The point of this kit was to use deception to attack back.
• In 1998 the first commercial honeypot came out. It was called
“Cyber Cop Sting”.
• In 2017, Dutch police successfully used honeypot techniques to
track the users of the darknet market Hansa.
WHAT IS HONEYPOT?
According to Lance Spitzner, a honeypot is a resource whose
value is in being attacked or compromised. This means that a honeypot
is expected to get probed, attacked and potentially exploited. Honeypots
do not fix anything; they provide us with additional, valuable information.
Honeypots are a highly flexible security tool with different
applications for security. They don't fix a single problem. Instead, they
have multiple uses, such as prevention, detection, or information
gathering.
WHY YOU SHOULD USE?
• Firstly, to divert the attacker's attention from the real network, so
that the main information resources are not compromised.
• Secondly, to build attacker profiles in order to identify their preferred
attack methods, as in criminal profiling.
• Thirdly, to identify new vulnerabilities and risks in various operating
systems, environments and programs which are not thoroughly
identified at the moment.
HOW IT WORKS
• Honeypots are, in their most basic form, fake information servers
strategically positioned in a test network, which are fed with false
information disguised as files of a classified nature.
• To get an attacker to break into the honeypot, the servers are deliberately
exposed and made highly attractive to a hacker in search of a target.
• Finally, the server is loaded with monitoring and tracking tools so that every
step and trace of activity left by a hacker can be recorded in a log,
showing those traces of activity in detail.
[Figure: Working model of Honeypot]
CLASSIFICATION
By level of interaction
• High interaction
• Low interaction
By level of implementation
• Physical
• Virtual
By level of purpose
• Production
• Research
HIGH INTERACTION HONEYPOT
• Involves real operating systems and applications.
• Gives a picture of how an attack progresses or how malware executes in
real time.
LOW INTERACTION HONEYPOT
• Allows only limited interaction for an attacker or malware.
• Easy to implement and deploy.
• Simulates some aspects of the system.
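A minimal sketch of the low-interaction model and of the logging step described under HOW IT WORKS, added here as an example and not taken from the slides or from any honeypot project. The banner text, the reply string and the names HoneypotServer, HoneypotHandler and start_honeypot are assumptions made for illustration; the listener simulates only a greeting and a login refusal and records every step.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

# Constructed banner for a service that does not really exist (assumption).
BANNER = b"220 files.example.internal FTP server ready\r\n"

class HoneypotServer(socketserver.ThreadingTCPServer):
    """Low-interaction honeypot: simulates a banner, exposes no real service."""
    allow_reuse_address = True
    daemon_threads = True
    def __init__(self, addr):
        super().__init__(addr, HoneypotHandler)
        self.events = []          # in-memory log; ship to off-host storage in practice
        self.lock = threading.Lock()

    def record(self, peer, kind, data=b""):
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "src_ip": peer[0], "src_port": peer[1],
                 "event": kind, "data": data.decode("latin-1")}
        with self.lock:
            self.events.append(event)
        print(json.dumps(event))  # one JSON line per step of activity

class HoneypotHandler(socketserver.StreamRequestHandler):
    timeout = 10                  # seconds before an idle client is dropped
    MAX_LINES = 20                # cap on lines read per connection

    def handle(self):
        peer = self.client_address
        self.server.record(peer, "connect")
        try:
            self.wfile.write(BANNER)
            for _ in range(self.MAX_LINES):
                line = self.rfile.readline(1024)   # bounded read
                if not line:
                    break
                self.server.record(peer, "input", line.rstrip(b"\r\n"))
                self.wfile.write(b"530 Login incorrect.\r\n")  # never grant access
        except OSError:           # timeout or reset by the client
            pass
        self.server.record(peer, "disconnect")

def start_honeypot(host="127.0.0.1", port=0):
    # Start the listener in a background thread and return the server object.
    server = HoneypotServer((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Because no legitimate user has a reason to connect, every event recorded by start_honeypot() is worth reviewing; the caller must keep the main thread alive for the listener to keep running.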
PHYSICAL HONEYPOT
• Runs on a physical machine and often implies high interaction.
• For large address spaces, it is impractical or impossible to deploy a
physical honeypot for each IP address.
• Typically expensive to install and maintain.
VIRTUAL HONEYPOT
• Thousands of honeypots can run on just one machine. They are inexpensive to
deploy and accessible to almost everyone.
• Usually VMware [3] or User-Mode Linux (UML) is used to set up such
virtual honeypots.
• The advantages of virtual honeypots over physical honeypots are scalability and
ease of maintenance.
PRODUCTION HONEYPOT
• These perform an advanced detection function and
detect attacks which are not caught by other security systems.
• Measures should be taken to avoid a real attack.
• The system can provide information for statistics on the attacks that
happened each month.
RESEARCH HONEYPOT
• Used to learn about the tactics and techniques of the blackhat
community.
• When a system is compromised, the administrators usually find the
tools used by the attacker, but there is no information about how they
were used.
• A honeypot gives real-life insight into how the attack happened.
SOME POPULAR HONEYPOTS
• Delilah - Elasticsearch Honeypot written in Python (originally from Novetta).
• ESPot - Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit
CVE-2014-3120.
• Bukkit Honeypot - Honeypot plugin for Bukkit.
• EoHoneypotBundle - Honeypot type for Symfony2 forms.
• Google Hack Honeypot - Designed to provide reconnaissance against attackers that
use search engines as a hacking tool against your resources.
• Laravel Application Honeypot - Simple spam prevention package for Laravel
applications.
CONCLUSION
A honeypot is an illusion that is woven for the attacker.
The illusion can be as creative as we want it to be. A good illusion will get
us zero-day exploits, rootkits, and loads of information on how attackers
work.
The key point here is that only the best thief can become the best
cop, because he knows how thefts are done and thus could recover.
In the same way, it is very important to know the patterns of attack used
by the blackhat community. This helps us design foolproof security
systems.