HoneyBOT® is a simple honeypot for beginners to use. Honeypots can give you a good idea of how many people are probing your machine for weaknesses. Without a honeypot, you may not be able to tell if anyone is scanning your machine.
In this example, you will use your web browser to generate some entries in HoneyBOT. You will try to make FTP and HTTP connections with your own computer. The honeypot will record the IP address of the remote machine that is scanning your computer and each port that was scanned.
Download HoneyBOT Download HoneyBOT.
Click on the Download link in the left-hand menu.
- Click on the appropriate “here” link to download the latest version of HoneyBOT.
Select your downloads folder.
Browse to your downloads folder.
Double-Click HoneyBOT_018.exe. (The version number may be different as newer releases become available.)
Click Run, Next, I Accept, Next, Next, and Next.
Check Create desktop icon.
Click Next, Install, and Finish.
- Press the Start button or click File, and Start.
- HoneyBOT may ask you to select an adapter if you have multiple NICs in your computer; select your current IP address. (It could be a non-routable IP that starts with “192.168” or it could be a typical IP address.)
- Click OK.
- Take a screenshot showing the total number of sockets loaded in the bottom status bar.
- Click Start.
- Open a web browser and go to FTP://[Your IP Address]. (Replace Your IP Address with the IP address that is being used by HoneyBOT. In this example, it was ftp://22.214.171.124.)
- When prompted for a username, enter your first name.
- Enter your last name for the password. (Entering your first and last name as username and password will record them in the HoneyBOT log. You do not really have an FTP server running. It is being “faked” by HoneyBOT.)
- Open a web browser and go to HTTP://[Your IP Address]. (Replace Your IP Address with the IP address that is being used by HoneyBOT.)
- Return to HoneyBOT and take a screenshot.
- Double-click on one of the entries with the local port listing 21. (The remote IP and local IP should be the same.)
- Take a screenshot of the HoneyBOT log entry showing your first and last name being used to access an FTP server.
- Submit your screenshots and answer the following questions:
- What impact would more open ports have on the ability of your honeypot to attract hackers?
- Can hackers tell that you have a honeypot running?
- Do they have honeypots for spammers to keep them from harvesting emails from your webpages?
- Do you think law enforcement agencies (e.g., CIA, FBI, and NSA) in the United States run honeypots to track criminal behavior?