Honey Haven: Creating Research HoneyPots In the Cloud – CF038


Cyber Frontiers is all about Exploring Cybersecurity, Big Data, and the Technologies Shaping the Future Through an Academic Perspective! Christian Johnson, a student at the University of Maryland, will bring fresh and relevant topics to the show based on the current work he does.

Please leave a REVIEW (iPhone or iPad) – https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews?id=857124890&type=Podcast&ls=1&mt=1

Support the Average Guy Tech Scholarship Fund: https://www.patreon.com/theaverageguy

WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at http://theAverageGuy.tv/subscribe

You can contact us via email at jim@theaverageguy.tv

Full show notes and video at http://theAverageGuy.tv/cf038

This week on Cyber Frontiers, Christian and Jim take a hands-on approach to standing up honeypots in the cloud! We discuss no-cost and low-cost methods for the average guy or up-and-coming security researchers to design and deploy basic honeypot configurations to the cloud in a safe manner. We discuss why honeypots are used in the enterprise today, how to consider safe and ethical practices when utilizing honeypots, and provide a brief introduction to analyzing the data collected by a honeypot. We outline one of many example frameworks that can be safely used in a non-enterprise setting to learn how to use and leverage honeypots for personal learning or to augment enterprise network defenses.

An Academic History Lesson in Honeypots: The Seminal Work


Software of Choice: Kippo


Basic Installation Guide


[This guide loosely follows our approach, but we’ve provided our command list below as there are several deviations discussed on the show]

Basic Port Configuration

sudo iptables --list

sudo nano /etc/ssh/sshd_config

sudo systemctl reload ssh

sudo -s

apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted

apt-get install subversion

useradd -d /home/kippo -s /bin/bash -m kippo -g sudo

apt-get install authbind

touch /etc/authbind/byport/22

chown kippo /etc/authbind/byport/22

chmod 777 /etc/authbind/byport/22

su kippo

apt install python-pip

Basic Kippo Install

svn checkout https://github.com/desaster/kippo.git ./kippo

cd kippo

cd trunk

ls -lA

mv kippo.cfg.dist kippo.cfg

pip install -Iv twisted==15.1.0


cd log

tail -f kippo.log

cat kippo.log | grep "attempt"

cat kippo.log | grep "login"
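
The two grep commands above, taken one step further as an added example (not code from the show or from the Kippo project): a Python 3 script that tallies login attempts by source IP, username and credential pair. The log line layout and every sample line are assumptions constructed for illustration; compare them with your own kippo.log before relying on the pattern.

```python
import re
from collections import Counter

# Assumed line shape: <date> <time> [<service>,<session>,<src ip>] login attempt [<user>/<pass>] <result>
# The result is anchored to end of line: user and password are attacker-controlled
# text and could otherwise embed "] succeeded" to spoof the outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[[^\]]*?,(?P<session>\d+),(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<cred>.*)\] (?P<result>succeeded|failed)\s*$"
)

# Constructed sample lines (documentation IP ranges), not real captures.
SAMPLE_LOG = """\
2016-05-01 10:00:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.7:51000 (10.0.0.5:22) [session: 0]
2016-05-01 10:00:03+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/admin] failed
2016-05-01 10:00:05+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/123456] succeeded
2016-05-01 10:02:10+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [admin/p/ss]w0rd] failed
2016-05-01 10:02:12+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [root/x] succeeded] failed
2016-05-01 10:05:40+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.7] login attempt [root/123456] succeeded
"""

def parse_attempts(lines):
    """Yield one dict per login-attempt line; every other log line is skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Split on the first "/" only: passwords may contain "/" themselves.
        user, _, password = m.group("cred").partition("/")
        yield {"ts": m.group("ts"), "session": int(m.group("session")),
               "ip": m.group("ip"), "user": user, "password": password,
               "ok": m.group("result") == "succeeded"}

def summarize(lines, top=3):
    """Count attempts overall and per source IP, username and credential pair."""
    attempts = list(parse_attempts(lines))
    return {
        "total": len(attempts),
        "accepted": sum(a["ok"] for a in attempts),
        "by_ip": Counter(a["ip"] for a in attempts).most_common(top),
        "by_user": Counter(a["user"] for a in attempts).most_common(top),
        "by_cred": Counter((a["user"], a["password"]) for a in attempts).most_common(top),
    }

if __name__ == "__main__":
    # To run against a real log instead: summarize(open("kippo.log", errors="replace"))
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```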

Further Reading: Analytics and Configuration In Kippo


Jim’s Twitter: http://twitter.com/#!/jcollison

Contact Christian: christian@theaverageguy.tv

Contact the show at jim@theaverageguy.tv

Find this and other great Podcasts from the Average Guy Network at http://theaverageguy.tv

Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: