Research And Design Of Honeypot Technology Based On Honeyd

A honeypot is used in the area of computer and Internet security. It is an information system resource whose value lies in being scanned, attacked and compromised. We can get more information about the attacker and attack techniques by using it. It can also be used to attract and divert attacker's attention from the real targets. Honeypot and extension techniques of honeypot are very popular currently. Honeypot has already not only been a kind of new technique, but also be treated as one progressive safe strategy.Honeyd is a light-duty honeypot tool with a powerful function, which has been extensively applied at present. It features plenty of functions, such as simulating multi-operating systems in the protocol stack, simulating network topological structure, fingerprint matching, redirection, etc. it can commendably solve the contradiction between interaction level and self security. Honeyd delegates the development level of the honeypot technology in many fields.This paper firstly investigates the Honeyd logical structure, including each logical module's functions, the corresponding between modules, the disposal process of the protocol packets of TCP UDP and ICMP. Secondly, it parses the function flow, the code implement, etc. Whereafter, basing on the analyses results and the anti-honeypot technology, it puts forward two methods to improve Honeyd, at first, it perfects the simulation of three-way handshake and increases an SYN/ACK retransfer function, which makes the approach of the actual system. Second, it increases an email alarm function by sending the disposed log, security managers can understand the attack instance in time and exactly. Finally, it utilizes Honeyd to confront network worm, probes into an improved scheme by using plug-in mode or cooperating with other security tools to enhance the withstand capability.Honeypot technology still is in the continuous development process, but we can affirm that it is an important part of network security architecture. With thorough study on honeypot technology, the function of honeypot also will be more outstanding.