Lure possible attackers into a trap with a Kali Linux honeypot.
One thing many security experts depend on is the honeypot. What is a honeypot? Simply put, honeypots are systems put in place to mimic particular targets of cyberattacks. With a honeypot in place, admins can detect and log attacks on certain services, as well as the originating IP address of each attack.
Believe it or not, setting up a honeypot is quite simple--especially if you have a running instance of Kali Linux on hand. And that's exactly what I'm going to show you. With a combination of Kali Linux and pentbox, you can have a honeypot up and running in minutes.
What you'll need
The only things you'll need are a running instance of Kali Linux and a user account with admin privileges.
How to download pentbox
Log in to your Kali Linux machine as an admin user. Open a terminal window and download pentbox with the command:
Once that file has finished downloading, extract the archive with the command:
tar xvfz pentbox-1.8.tar.gz
This will create a new directory named pentbox-1.8. Change into that new directory with cd pentbox-1.8.
How to run pentbox
The next step is to run the pentbox Ruby script with the command:
When you issue the command, you'll be greeted by a menu. From that menu select 2 (for Networking tools) and then 3 for Honeypot (Figure A).
In the next menu (Figure B), select 1 (for Fast Auto Configuration). This will launch a honeypot listening on port 80.
Next, open a web browser on another machine (connected to the same network as the honeypot) and point it to http://SERVER_IP (where SERVER_IP is the IP address of your Kali machine). You should see an Access Denied error (Figure C) in the browser.
Go back to the terminal window on the Kali Linux machine and you should see the honeypot picked up the attempted connection (Figure D).
How to launch a specific instance
Now we want to launch a honeypot to listen on a specific port. Say you've had trouble with attacks on SSH. To deploy pentbox so that it listens on port 22, you'd run the script and select 2 and then 3, followed by 2. When prompted for a port to open, type 22 (Figure E).
You can then opt to save a log and to have a beep announce an intrusion. Once the honeypot is running, attempt to SSH into the Kali Linux machine (from another machine) and you'll see that pentbox logs the attempt (Figure F).
As you can see, pentbox logs the attempt, as well as the originating IP address.
Congratulations, you've just deployed your first honeypot.
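To make clear what a low-interaction honeypot like this one does on the wire, here is an added Ruby example (not pentbox's code and not part of the original article): it accepts a connection, logs the originating IP address and the first bytes received, sends a decoy Access Denied reply and hangs up. The function names, log format, reply text and port 8080 are assumptions made for this example.

```ruby
require "socket"
require "time"

# Constructed reply for this example; pentbox's own message may differ.
FAKE_REPLY = "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n" \
             "Connection: close\r\n\r\nAccess Denied\r\n"
MAX_BYTES = 512 # keep only the first bytes an untrusted peer sends
READ_WAIT = 2   # seconds to wait for a client that stays silent

# One log line per connection. String#inspect escapes control characters, so
# a client cannot forge extra log lines or send terminal escape sequences.
def format_event(ip, port, payload, at = Time.now)
  "#{at.utc.iso8601} INTRUSION ATTEMPT from #{ip}:#{port} data=#{payload.inspect}"
end

# Read what the client sent first, without blocking on clients that stay
# silent or that disconnect at once.
def read_first_bytes(sock)
  return "" unless IO.select([sock], nil, nil, READ_WAIT)
  sock.readpartial(MAX_BYTES)
rescue EOFError, Errno::ECONNRESET
  ""
end

# Log the peer address and payload, send the decoy reply, hang up.
def handle_client(sock, log)
  _family, port, _host, ip = sock.peeraddr(false) # false: no reverse DNS
  log.puts(format_event(ip, port, read_first_bytes(sock)))
  sock.write(FAKE_REPLY)
rescue SystemCallError, IOError => e
  log.puts("#{Time.now.utc.iso8601} handler error: #{e.class}")
ensure
  sock.close unless sock.closed?
end

# Accept connections one at a time; max_conns = nil runs until interrupted.
# Returns the number of connections handled.
def run_honeypot(server, log, max_conns = nil)
  served = 0
  until max_conns && served >= max_conns
    handle_client(server.accept, log)
    served += 1
  end
  served
end

# To run it: run_honeypot(TCPServer.new("0.0.0.0", 8080), $stdout)
# Port 8080 is an arbitrary choice; ports below 1024 (80, 22) need root.
```

Because the payload is attacker-controlled, the log line stores it in escaped form; keep that property if you forward these events to a terminal or a log pipeline.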