Glastopf – Web Application Honeypot | ethicalhack3r

Posted at 7:08 pm on January 10th, 2010


I bought an old battered PC over the weekend with the goal of installing a honeypot. I had never installed a honeypot before, so I wasn’t quite sure what to expect. At first I decided on Dionaea, the successor to Nepenthes; I had heard great things about Nepenthes from a friend of mine (Infosanity). After going through the installation process, I couldn’t get Dionaea to ‘make’ with the right Python version detected (> 3.0). After about an hour of playing around I decided to give Glastopf a try.


Glastopf is a honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: reply with the correct response to the attacker exploiting the web application. The project was kicked off by Lukas Rist around one year ago, and the results we got during this time are very promising and an incentive to put even more effort into the development of this unique tool.


Glastopf was very easy to install and configure: I simply downloaded the Subversion trunk and ran it with “sudo python webserver.py”. Glastopf was up and running, however not configured. Glastopf gives you the option to save the honeypot logs to a MySQL database; for this, all you have to do is install MySQL and python-mysql, set up the database/tables and add the ‘mysql.py’ plugin to the configuration file. Glastopf provides you with the table structure already set out in the ‘/structure/log.sql’ file. To import the file I used ‘mysql-navigator’ (sudo apt-get install mysql-navigator); mysql-navigator is a GUI client for MySQL, but you can just use the MySQL command-line client.


All I had to do now was forward port 80 on my router to the machine with Glastopf running on it. I will now leave the machine running for a few days and hopefully come back with some statistics, which I will of course be posting and making pretty little graphs out of. :) If the initial statistics and hits are positive I will try to keep the honeypot running indefinitely and somehow link the stats to the blog.



4 comments



  1. Let me know if/when you get some good results from Glastopf. I need to try again, but my initial attempt at running the system wasn’t as promising as I was hoping for. Assuming you have more luck than I did I’ll give it another shot.




  2. Will be very interested to see the results!




  3. Look forward to hearing how it goes!




  4. I still have to try Glastopf out myself. If you have other/better results than Andrew I’d really like to know. Anyway, great article!

