At some point in the near future, I would like to setup a honeypot VPS.
I’ve been interested in this for a while, but I think it is time that I actually start thinking about this seriously.
Ideally, I would like this to be a multi-service honeypot (SSH, telnet, IMAP, SMTP) that logs all attempted authentication types, and stores many of the details to be looked at later. This would include IP, username, password and obviously a timestamp.
Before actually launching the project I will need to do the following:
- Determine services to log.
- Determine how to get the services to log the required data.
- Create each service and test to ensure the data gets logged, without compromising the system.
- Determine how to store the logged data.
- How long to run the project for.
- Where to host the project.
- Can I use this project and data in my studies some how.
This page will be used as a way to track progress, post updates and in general log work that I have done towards this project.
This project will force me to compile some of the services from source to be able to make the modifications I require, this I know after reading a few other projects that have done this, specifically for SSH.
If I do complete this project and am able to get it live, the data collected will be made publicly available.