Honey C and Honey D

1
Honey C and Honey D
2
Honey C

• Honey C is a low Interaction honey pot developed
  at Victoria University of Wellington by Christian
  Seifert. Honey C consist of three components
• Visitor
• Queue
• Analysis Engine

3
How Honey C works

• We mentioned the three components of the Honey C
  in the previous slide. The Visitor is
  responsible for interacting with the servers. The
  queue creates a queue of servers for the visitor
  to interact with using several algorithms like
  crawling and search engine integration. The
  Analysis Engine is responsible for checking to
  see if the security policy was violated after the
  visitor interacts with each server.

4
Honey D

• Honey D is a small daemon that creates virtual
  hosts on a network. The hosts can be configured
  to run arbitrary services, and their personality
  can be adapted so that they appear to be running
  certain operating systems. Honey D enables a
  single host to claim multiple addresses. It has
  been tested on up to 65,536 on an LAN network
  simulation. It improves security by providing
  threat detection and assessments.

5
Honey D Features

• Simulates thousands of virtual hosts at the same
  time.
• Configuration of arbitrary services via simple
  configuration file
• Includes proxy connects.
• Passive fingerprinting to identify remote hosts.
• Random sampling for load scaling.
• Simulates operating systems at TCP/IP stack
  level
• Fools nmap and xprobe,
• Adjustable fragment reassembly policy,
• Adjustable FIN-scan policy.
• Simulation of arbitrary routing topologies
• Configurable latency and packet loss.
• Assymetric routing.
• Integration of physical machines into topology.
• Distributed Honeyd via GRE tunneling.
• Subsystem virtualization
• Run real UNIX applications under virtual Honeyd
  IP addresses web servers, ftp servers, etc...
• Dynamic port binding in virtual address space,
  background initiation of network connections,
  etc.

6
Conclusion

• Honey D can boast of an impeccable feature set.
  When compared to the three component set of Honey
  C. However Honey D is more complex making it more
  vulnerable to errors. If I were to pick one for
  security purposes it would have to be Honey
  because it allows one to do more.

7
References

• Honey D
• http//www.honeyd.org/general.php
• Honey C
• https//projects.honeynet.org/honeyc/wiki/AboutHon
  eyC
• Front Page Picture
• http//allianceinvestigationsgroup.com/images/comp
  uter20security.jpg