Monday, 16 April 2012

Honeyspot

 
For my research one of the aims is to investigate are people connecting to access points they are not supposed to use, in order to find out if this is happen and will be deploying a Honeyspot to see if anyone connects to it.

A HoneySpot is portmanteau of Honeypot and Hotspot.

Honeynet Project definition (http://www.honeynet.org/misc/faq.html) of a Honeypot is, “a system whose value is being probed, attacked, or compromised, you want the bad guys to interact with it”.

TheWikipedia definition for a hotspot is (http://en.wikipedia.org/wiki/Hotspot_%28Wi-Fi%29), “A hotspot is a venue that offers Wi-Fi access. The public can use a laptop, WiFi phone, or other suitable portable device to access the Internet”.

A HoneySpot has been defined by the The Spanish Honeynet Project (SHP) in their document "HoneySpot: The Wireless Honeypot" as a "venue that offers Wi-Fi access whose value is being probed, attacked, or compromised, you want the bad guys to interact with it”

Two types of HoneySpots have been defined:

· A Public HoneySpot simulates a public wireless data network, that is, a pure hotspot. Hotspots are commonly available at hotels, airports, coffee shops, libraries, as well as other public places where there is a high interest in offering Internet connectivity to visitors and customers.

· A Private HoneySpot simulates a private wireless data network, such as those available in corporations or at home. Typically, a private network offers access to a wired network (corporate or home network) to legitimate wireless clients without the physical barriers associated to wired connections.
For my experiment I will be using a WiFi Pineapple Mk4 to create the Honeyspot, which is a wireless router combined with a custom version of OpenWRT that allows it to be used for Wireless security research and auditing. It has installed utilities such as Karma and DNSspoof and or URLSnarf with which I can detect unauthorised connections.

I will be continuing this with more details of the configuration and the results as the experiment progresses.


No comments:

Post a Comment