
Research And Development Of A Honeypot System Based On Honeyd

Posted on: 2011-08-29
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Zhu
GTID: 2178330338984196
Subject: Communication and Information System

Abstract/Summary:
As the major threat to the Internet shifts from widespread, undifferentiated worms and e-mail viruses to individualized, profit-oriented hacker attacks, traditional protective techniques such as data authentication, firewalls, data encryption, and authentication seem to be lagging behind as methods of protection. A honeypot system is a type of technology that actively defends the Internet by forging targets and enticing attacks. This paper conducts its research on honeypot systems through the development of an actual honeypot.

For practical reasons, this paper chooses Honeyd, a product-type honeypot, as the core of the design and realization of the honeypot system. Honeyd has many good properties. It is small and compact, easy to install, and has powerful functions and strong practicability, and thus has the prospect of being industrialized. However, along with technological development, several inevitable problems have also emerged. During the process of research and development, the author of this paper found two major problems.

Firstly, the current OS fingerprint database of Honeyd is out of date. Identifying the operating system of a host server is a prelude and necessary step to hacker attacks, and is decisive for their follow-up activity. Hackers usually identify the host by using operating system fingerprinting technology. Therefore, forging a virtual host fingerprint is a function of great importance to the honeypot system. Honeyd uses the fingerprint database of Nmap, which is currently one of the most authoritative scanners. Nmap has powerful operating system fingerprinting with extremely high precision, and is often used by hackers to identify the operating system of the host. However, with the rapid development of scanning techniques, the latest Nmap fails to detect the operating system of the virtual Honeyd host, as the current Honeyd is still using the old Nmap fingerprint database, and thus Honeyd becomes futile and useless. Therefore, this paper discusses updating the Honeyd fingerprint database so that it can meet the demands of the new Nmap.

Secondly, techniques that identify Honeyd invalidate the entire honeypot system. A honeypot system is a technology based on virtual systems and protocols, so there are inevitable differences from a real system. This leaves chances for attackers to detect and invalidate the system. At present, there are a few honeypot identification techniques. This paper gives a brief introduction to those identification techniques that focus on Honeyd and, at the same time, provides corresponding anti-recognition programs.

This paper introduces the basic principles of honeypot systems with an emphasis on Honeyd. In this paper, we developed a Honeyd system and solved the problems mentioned above. The system that the author developed was used in the operation and maintenance of the Shanghai Expo 2010 official website. Part of the related data is also introduced in the last part of this paper.
Keywords/Search Tags: Honeypot System, Honeyd Fingerprint Database, Nmap, Identification of Honeypot