Honeyd Configuration Steps

You can install and configure Honeyd in just a few hours if you know the right steps. Here are those steps:

1. Set up a hardened (i.e., fully patched) Windows box.



2. The Honeyd installation requires a packet-level driver, so download and install WinPcap 3.0 from http://winpcap.polito.it, then reboot.



3. Download Honeyd for Windows in compiled (or source code) form from http://www.securityprofiling.com. Unzip the compiled executable package and extract the files and directories. Honeyd will create its own directory and subdirectories. Rename the honeyd-0.5 folder to honeyd for easier command-prompt handling and scripting.



4. Go to the command prompt and access the honeyd directory.



5. Type the command

   honeyd -W

   to test that Honeyd is functioning and can identify your network interfaces. If Honeyd errors out, troubleshoot the previous steps.



6. Configure your routing infrastructure so that the appropriate network traffic gets passed to the honeypot machine.



7. Download additional advanced scripts from http://niels.xtdnet.nl/honeyd/contrib.html. Unzip the scripts and place them in the Honeyd scripts folder.



8. Download and install Cygwin and the accompanying shell script engine (sh.exe) and Perl script engine (perl.exe) from http://www.cygwin.com. Add the Cygwin binaries path to your system's PATH variable (e.g., C:\cygwin\bin). Alternatively, download and install the Perl script engine from http://www.activestate.com. Add the Perl binary directory (e.g., C:\perl\bin) to your system's PATH variable.



9. Test scripts and script engines at the command prompt.



10. Read the accompanying honeyd.html file for executable and configuration file syntax.



11. Decide how you want to monitor the honeypot. This decision leads directly to how you'll handle alerts and logging.



12. Create and configure your Honeyd configuration file. Specifically, you need to perform the following tasks:

• Define your templates (create the template, annotate the personality, bind the personality to template, and bind the IP addresses to the personality).
• Define TCP and UDP ports.
• Define emulation scripts.
• Configure the physical network so that the honeypot gets intended traffic.
• Execute Honeyd.
>