Welcome to Honeypots: Monitoring and Forensics

"All warfare is based on deception."
-- Sun Tzu

    Mission Statement:

    The purpose of the Honeypots: Monitoring and Forensics Project is to highlight cutting-edge techniques, tools and resources for conducting honeypot research and forensic investigation. There are a number of outstanding honeypot/honeynet research projects available, most notably the Honeynet Project. This project hopes to complement the work of the Honeynet Project by focusing on individual honeypots rather than honeynets. The focus is narrowed further by highlighting monitoring and forensic techniques rather than honeypot setup and installation settings. Many of the papers and tools presented on this website are the result of honeypot research testing conducted by Ryan C. Barnett.

    Honeypot Definition:
    An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored. Most honeypots are installed inside firewalls so that they can be better controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way from a normal firewall: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out.
    By luring a hacker into a system, a honeypot serves several purposes:
    • The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned. 
    • The hacker can be caught and stopped while trying to obtain root access to the system. 
    • By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.


    © 2002 Honeypots: Monitoring and Forensics