SETUP A HONEY POT AND MONITOR THE HONEYPOT ON NETWORK (KF SENSOR)
Aim To setup a honey pot and monitor the honey pot on network using KF Sensor.
Theory Honey Pot is a device placed on Computer Network specifically designed to capture malicious network traffic. KF Sensor is the tool to setup as honeypot when KF Sensor is running it places a siren icon in the windows system tray in the bottom right of the screen. If there are no alerts then green icon is displayed. Installation Step 1: Download the KF Sensor Evaluation Setup File from KF Sensor Website. Step 2: Install with License Agreement and appropriate directory path. Step 3: Reboot the Computer now. Step 4: The KF Sensor automatically starts during windows boot Click Next to setup wizard. Step 5: Select all port classes to include and Click Next. Step 6: Send the email and Send from email enter the ID and Click Next. Step 7: Select the options such as Denial of Service [DOS], Port Activity, Proxy Emulsion, Network Port Analyzer, and Click Next. Step 8: Select Install as System service and Click Next. Step 9: Click finish KFSensor
Windows based honeypot known as KF Sensor
It detects an incoming attack or port scanning and reports it to you
A machine running KFSensor can be treated as just another server on the network, without the need to make complex changes to routers and firewalls.
How KFSensor Works?
KFSensor is an Intrusion Detection System.
It performs by opening ports on the machine it is installed on and waiting for connections to be made to those ports. 1 A.Aruna, Assistant Professor, Department of Information Technology, SNSCE
By doing this it sets up a target, or a honeypot server, that will record the actions of a hacker.
Components KFSensor server
KFSensor Server- Performs core functionality
It listens to both TCP and UDP ports on the server machine and interacts with visitors and generates events
A daemon that runs at the background (like Unix daemon)
KFSensor Monitor
Interprets all the data and alerts captured by server in graphical form.
Using it you can configure the KFSensor Server and monitor the events generated by the KFSensor Server.
Sim Server
Sim server is short for simulated server.
It is a definition of how KFSensor should emulate real server software.
There is no limit to the number of Sim Servers that can be defined.
There are two types of Sim Server available; the Sim Banner and the Sim Standard Server.
Setting up a HoneyPot
You can get educational License from Keyfocus.
Install WinPCap o A industry standard network packet capturing library
Install KFSensor
Result Thus the Digital signature program has been developed using java and output is obtained.
2 A.Aruna, Assistant Professor, Department of Information Technology, SNSCE
3 A.Aruna, Assistant Professor, Department of Information Technology, SNSCE
