Hands on Project HoneyBOT


Hands-On Project – HoneyBOT®

HoneyBOT® is a simple honeypot for beginners to use. Honeypots can give you a good idea of how many people are probing your machine for weaknesses. Without a honeypot, you may not be able to tell if anyone is scanning your machine.

In this example, you will use your Web browser to generate some entries in HoneyBOT. You will try to make FTP and HTTP connections with your own computer. The honeypot will record the IP address of the remote machine that is scanning your computer and each port that was scanned.

1. Download HoneyBOT

2. Click on the Download link in the left-hand menu.

3. Click on the appropriate "here" link to download the latest version of


4. Click Save.

5. Select your downloads folder.

6. Browse to your downloads folder.

7. Double-click HoneyBOT_018.exe. (The version number may be different as newer releases become available.)

8. Click Run, Next, I Accept, Next, Next, and Next.

9. Check Create desktop icon.

10. Click Next, Install, and Finish.

11. Press the Start button or click File, and Start.

12. HoneyBOT may ask you to select an adapter if you have multiple NICs in your computer; select your current IP address. (It could be a non-routable IP that starts with "192.168" or it could be a typical IP address.)

13. Click OK.

14. Take a screenshot showing the total number of sockets loaded in the bottom status bar.

15. Click Start.

16. Open a Web browser and go to FTP://[Your IP Address]. (Replace Your IP Address with the IP address that is being used by HoneyBOT. In this example, it was

17. When prompted for a username, enter your first name (BANDAR).

18. Enter your last name (ALQHTANI) for the password. (Entering your first and last name as username and password will record them in the HoneyBOT log. You don't really have an FTP server running. It's being "faked" by


19. Open a Web browser and go to HTTP://[Your IP Address]. (Replace Your IP Address with the IP address that is being used by HoneyBOT.)

20. Return to HoneyBOT and take a screenshot.

21. Double-click on one of the entries with the local port listing 21. (The remote IP and local IP should be the same.)

22. Take a screenshot of the HoneyBOT log entry showing your first and last name being used to access an FTP server.
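The faked FTP login in steps 16 to 18 can be reproduced with a few lines of Python. This listener is an added example, not HoneyBOT's own code: it answers with standard FTP reply codes, records the remote IP, the local port and the USER/PASS values, and always refuses the login. The function names, the log format and port 2121 are assumptions made for the illustration.

```python
import socket
from datetime import datetime, timezone

def handle_ftp_client(conn, addr, local_port, log):
    """Speak just enough FTP to collect USER/PASS, then refuse the login."""
    entry = {"time": datetime.now(timezone.utc).isoformat(),
             "remote_ip": addr[0], "remote_port": addr[1],
             "local_port": local_port, "user": None, "password": None}
    conn.settimeout(10)  # do not let a silent client hold the listener
    try:
        with conn, conn.makefile("rb") as reader:
            conn.sendall(b"220 FTP service ready\r\n")
            while True:
                raw = reader.readline(512)  # bound the line length
                if not raw:
                    break  # client disconnected
                verb, _, arg = raw.decode("latin-1").strip().partition(" ")
                if verb.upper() == "USER":
                    entry["user"] = arg
                    conn.sendall(b"331 Password required\r\n")
                elif verb.upper() == "PASS":
                    entry["password"] = arg
                    conn.sendall(b"530 Login incorrect\r\n")
                    break
                else:
                    conn.sendall(b"530 Please login with USER and PASS\r\n")
    except OSError:
        pass  # timeout or reset: keep whatever was captured so far
    log.append(entry)

def serve(listener, log, max_conns=None):
    """Handle connections one at a time on an already-bound listener."""
    local_port = listener.getsockname()[1]
    served = 0
    while max_conns is None or served < max_conns:
        conn, addr = listener.accept()
        handle_ftp_client(conn, addr, local_port, log)
        served += 1

if __name__ == "__main__":
    captured = []
    # Port 2121 on loopback is an assumption for the demo; FTP's real port 21
    # usually needs administrator rights to bind.
    with socket.create_server(("127.0.0.1", 2121)) as listener:
        serve(listener, captured, max_conns=1)
    print(captured)
```

Because no real FTP server sits behind the listener, every login attempt it receives is worth logging, which is why the entry is saved even when the client disconnects before sending a password.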

Submit your screenshots and answer the following questions:

What impact would more open ports have on the ability of your honeypot to attract hackers?

Can hackers tell that you have a honeypot running?

Do they have honeypots for spammers to keep them from harvesting emails from your webpages?

Do you think law enforcement agencies (e.g., CIA, FBI, NSA, etc.) in the United States run honeypots to track criminal behavior?