1. The $15 (per year) Honeypot

    Super low budget VPS servers make an ideal home for your own honeypot. This post takes you through setting up a feature-packed honeypot on a TinyVZ VPS.

    I'm always on the lookout for a cheap place to host a honeypot, which is why I was pretty intrigued when I came across a few companies offering $15 per year virtual private servers.

    This offer does seem too good to be true - and I don't plan on hosting anything important on my VPS - but I've been running one with TinyVZ for 3 months now and had no problems to speak of.

    So, here's a quick guide to setting up your own $15 honeypot - though please don't treat this as a glowing endorsement of super cheap VPSs; when I paid my $15 I treated it more as placing a bet than purchasing a service.

    I have chosen TinyVZ as the host for this guide, but you can almost certainly do this on other similarly cheap hosts. Because this guide uses my honeypot setup script, most of it revolves around navigating TinyVZ's control panel. I am not affiliated with TinyVZ.

    TinyVZ have confirmed that they are happy for their customers to run honeypots.

    Setup

    Server Setup (TinyVZ Specific)

    • Sign up for a TinyVZ account (this can take up to 3 days)
    • You will eventually receive a "New Server Information" email.
    • Login to the control panel with the details provided.
    • Click "Reload OS"
    • Choose ubuntu-12.04-x86 and push "Reload with selected OS"
    • Once that's done go back to "Main Menu"
    • Now copy the I.P. address of "Host Machine" and connect via SSH to this address
    • When prompted enter username "vz" and password "vz"
    • Now for "RAMCP Username" and "RAMCP Password" enter the username and password provided in the welcome email
    • You should now be logged in as root
    • Set a password with passwd
    • Install sudo: apt-get update && apt-get install sudo

    Install (Ubuntu)

    • Now run the following: wget -q https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/setup.bash -O /tmp/setup.bash && bash /tmp/setup.bash

    Conclusion

    Tada - you should now have a full Kippo and Dionaea install. You can monitor /var/kippo and /var/dionaea for logs and binaries.

    Security Considerations

    The default setup you are left with on this server is iffy at best. You should not really be logging in as root; I would advise at the very least following this guide on securing SSH.
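
One way to check the host's real sshd against the concern above, as an added example that is not part of the original post or the setup script. The function names are hypothetical, the sample config is constructed, and the defaults assume an OpenSSH release before 7.0, where an unset PermitRootLogin means "yes".

```shell
#!/usr/bin/env bash
# Added example (not from the post): flag sshd_config settings that keep
# root-with-password logins open on the host running the honeypot.

# effective_value FILE KEYWORD -> prints the global value sshd would use.
# Keywords are case-insensitive and the first occurrence wins; parsing stops
# at the first Match block because settings below it are conditional.
effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # drop comments, allow key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# check FILE KEYWORD DEFAULT BAD -> prints a verdict, returns 1 when BAD is in effect.
check() {
    local v src=configured
    v=$(effective_value "$1" "$2")
    if [ -z "$v" ]; then v=$3; src=default; fi
    if [ "$v" = "$4" ]; then echo "FAIL $2 $v ($src)"; return 1; fi
    echo "ok   $2 $v ($src)"
}

# audit_sshd_config FILE -> exit status is the number of failed checks.
# Defaults are an assumption: OpenSSH releases before 7.0, where an unset
# PermitRootLogin means "yes".
audit_sshd_config() {
    local fails=0
    check "$1" PermitRootLogin yes yes        || fails=$((fails + 1))
    check "$1" PasswordAuthentication yes yes || fails=$((fails + 1))
    check "$1" PermitEmptyPasswords no yes    || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample resembling a freshly provisioned box.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) to fix"
rm -f "$sample"
```

Point it at /etc/ssh/sshd_config on the VPS; the commented-out line and the later duplicate in the sample show why a quick grep for "PermitRootLogin no" is not enough.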


  2. Automatic Honeypot Setup Script

    I have just finished work on the first version of my automatic honeypot setup script. This script will turn a vanilla install of Ubuntu 12.04 into a fully functioning honeypot in under 3 minutes.

    I have two main issues that I have encountered when playing around with honeypot software.

    Firstly, you often won't find out that there are problems with your configuration until an attacker hits. And this can sometimes take hours. Nothing is more frustrating than coming back to a honeypot after a week to find a log file full of Access Denied messages.

    Secondly, honeypot software is designed with technical users in mind. Installing Apache Web Server is a matter of apt-get install apache2; it will start on system start up and come with helpful defaults. Whereas if you want to install kippo, you need to check out the subversion repository and it certainly won't set itself up to run on startup.

    This script is my solution to these problems: https://github.com/andrewmichaelsmith/honeypot-setup-script/

    Running the script will install the following services:

    All of these services will:

    • run straight out of the box with no additional configuration
    • start on system start up and log to /var/log
    • have useful and secure defaults

    You will be prompted for exactly one piece of information:

    • the network interface you want these services to run on

    This is the first release and testing has been limited to Ubuntu 12.04. This script does all sorts of things as a super user, so please, for now, only run it on a clean install.

    Feature requests, bug reports and pull requests are encouraged on GitHub.

    If you have any other queries, please feel free to contact me.

    Here's a video of a 3 minute install:


  3. Multiple IPs for EC2 Instances

    Amazon recently announced an increase in their IP Address limits for single EC2 instances. At first glance this looks like big news for anyone who runs a honeypot on EC2. My research has found that it's not quite as good as it sounds but there are definite benefits for anyone with a little cash to spend.

    Up until recently it has not been possible to have more than 1 IP Address associated with your EC2 instance*. As someone who runs a Dionaea Honeypot on EC2 I have been looking for a way to get multiple IP addresses pointed at my instance for a while now.

    Which is why I was quite excited when Amazon announced that they would now support up to 240 IP Addresses per single EC2 instance. That figure actually refers to private IPs, but in AWS land a private IP can have a public IP pointed at it. So this sounds like big news for anyone running a honeypot on an EC2 instance; more IPs means more interesting honeypot data. 240 IPs means a crap load of interesting honeypot data.

    Unfortunately it's not quite as simple as that. The 240 IP limit only applies to the rather expensive High-Memory Quadruple Extra Large ($1317.60 a month) instance. Smaller instances have smaller limits. The smaller amounts are as follows:

    • Micro: -
    • Small: 8
    • Medium: 12
    • Large: 30

    source

    As you can see, that means that anyone hoping to get multiple IPs on their free tier micro instance is out of luck.

    For those thinking that 30 IPs is not too bad and they may splash out on a large, there's a further limitation from Amazon. They limit EC2 users to 5 IP Addresses per account. Fortunately, you can request an increase, which is exactly what I did. I found that there wasn't a need for too much detail; my e-mail looked something like this:

    Hi

    I am looking to increase my IP limit, please, I need a higher amount for the security research that I use my EC2 instances for. Ideally I would like 240 but will be grateful for a smaller amount if that isn't possible.

    Thanks

    Amazon raised my limit to 20 IP addresses. In this day and age of IPv4 exhaustion I suppose 20 is not to be sniffed at, but it could be better. Maybe if I made a stronger case in the future (or had more paid instances..) I would get more, but it's hard to tell.

    In conclusion, Amazon's recent limit increase is only big news for big spenders. It's not possible to just grab 240 IPs and point them at your free tier micro instance. If all you want is a few more IPs then it's probably more cost effective to grab a budget VPS.

    However, if you want the flexibility of EC2 then this may be worthwhile. The great thing about EC2 is the flexibility. You can grab those IPs and release them as you like. So if there was some particularly interesting vulnerability you wanted to emulate, you could quickly spin up a 20 IP instance, run it for a few days and then spin it back down. Then you could release the data publicly without any worry about compromising your honeypot's anonymity.

    I intend to follow up this post with a quick step by step guide on setting up a 20 IP Dionaea honeypot.

    * I believe that strictly speaking the limit is 2, but I looked into this once and it requires all sorts of faffing with things like load balancers, which I deemed to not be worth the effort.


  4. Adding Facebook and Twitter Buttons to a GWT Project

    As a new user to GWT I spent quite some time trying to add a Twitter Tweet button and Facebook Like button to a GWT project. After extensive searching I didn't find a useful answer.

    The issue I was having was that I would include the JavaScript and the HTML provided by Twitter and Facebook but my buttons weren't being rendered.

    I had the JavaScript includes in my index.jsp and had created a UIBinder .swt.xml with the HTML code but when I launched my app it was just blank.

    The solution was to make a call to the Twitter and Facebook JavaScript functions once the Composite had loaded.

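    This is achieved by overriding the Composite's onLoad method and calling the rendering functions like so:

    @Override
    protected void onLoad() {
        showSocialButtons();
        super.onLoad();
    }

    // JSNI method: asks the already-included Twitter and Facebook scripts to
    // scan the page again now that the widget's HTML is attached.
    // Declared void because the JavaScript body returns nothing.
    private static native void showSocialButtons() /*-{
        $wnd.twttr.widgets.load(); // Render Twitter button
        $wnd.FB.XFBML.parse();     // Render Facebook button
    }-*/;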
    

    And this meant that my social buttons were being rendered properly.
