Description
Hands-On Project – HoneyBOT®
HoneyBOT® is a simple honeypot for beginners to use. Honeypots can give you a good idea
of how many people are probing your machine for weaknesses. Without a honeypot, you may
not be able to tell if anyone is scanning your machine.
In this example, you will use your Web browser to generate some entries in HoneyBOT. You
will try to make FTP and HTTP connections with your own computer. The honeypot will
record the IP address of the remote machine that is scanning your computer and each port
that was scanned.
1. Download HoneyBOT
2. Click on the Download link in the left-hand menu.
3. Click on the appropriate "here" link to download the latest version of
HoneyBOT.
4. Click Save.
5. Select your downloads folder.
6. Browse to your downloads folder.
7. Double-Click HoneyBOT_018.exe. (The version number may be different as
newer releases become available.)
8. Click Run, Next, I Accept, Next, Next, and Next.
9. Check Create desktop icon.
10. Click Next, Install, and Finish.
11. Press the Start button or click File, and Start.
12. HoneyBOT may ask you to select an adapter if you have multiple NICs in
your computer; select your current IP address. (It could be a non-routable IP
that starts with "192.168" or it could be a typical IP address.)
13. Click OK.
14. Take a screenshot showing the total number of sockets loaded in the bottom
status bar.
15. Click Start.
16. Open a Web browser and go to FTP://[Your IP Address]. (Replace Your IP
Address with the IP address that is being used by HoneyBOT. In this
example, it was ftp://155.97.74.45.)
17. When prompted for a username, enter your first name (BANDAR).
18. Enter your last name (ALQHTANI) for the password. (Entering your first and
last name as username and password will record them in the HoneyBOT log.
You don't really have an FTP server running. It's being "faked" by
HoneyBOT.)
19. Open a Web browser and go to HTTP://[Your IP Address]. (Replace Your IP
Address with the IP address that is being used by HoneyBOT.)
20. Return to HoneyBOT and take a screenshot.
21. Double-click on one of the entries with the local port listing 21. (The remote
IP and local IP should be the same.)
22. Take a screenshot of the HoneyBOT log entry showing your first and last
name being used to access an FTP server.
Submit your Screenshots and answer the following questions:
What impact would more open ports have on the ability of your honeypot to
attract hackers?
Can hackers tell that you have a honeypot running?
Do they have honeypots for spammers to keep them from harvesting emails
from your webpages?
Do you think law enforcement agencies (e.g., CIA, FBI, NSA, etc.) in the
The United States run honeypots to track criminal behavior?