Honeypot and forEnsic Analysis Tool
Honeypot and forEnsic Analysis Tool (HEAT for short) is a Live CD based on the KNOPPIX S-T-D distribution and on Tiny Honeypot by George Bakos. It is primarily a honeypot for monitoring networks for unauthorized intrusion attempts against information systems. It also doubles as a forensic tool for analysing the data it captures. The tool is licensed under the GNU GPL.
The tool is a complete environment for testing networks and using the results to perform forensic analysis of the captured data. This environment provides a solid platform for development and vulnerability research. Most of the tool consists of components written in shell script and Perl.
This project was done by Vijay Vikram Shreenivos as a part of his final term project dissertation at James Cook University Singapore.
System requirements
The system requirements for deploying HEAT are minimal, as the entire distribution runs off a Live CD. The hardware requirements are as follows:
- Pentium 150 MHz or faster
- IDE or SCSI hard disk (minimum size 512 MB)
- Minimum 64 MB RAM
- 1 CDROM Drive
- 1 NIC
Anything more is a bonus for running the tool.
Installation
Installation of HEAT is available in three formats:
- Live CD
- VMWare Image
- Tarball
The Live CD boots the machine to a desktop, and users can run the install.sh program of the HEAT tool, available in the /usr/bin folder. This creates the necessary directories for capturing information. A user then adds the service details to /etc/inetd.conf and /etc/services so that inetd starts the honeypot program to emulate those services. A configuration file is generated in which users can make changes such as choosing which interface listens for the data, whether packet data is logged, and which services are available for emulation.
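The inetd.conf and services entries described above are where a mis-typed service name quietly loses a listener, since inetd resolves the port by name at start-up. The script below is an added example (not part of HEAT) that checks a set of entries for that mistake and for handlers configured to run as root; the handler path /usr/local/heat/emulate.pl and the sample file contents are constructed placeholders, not real HEAT paths.

```shell
#!/bin/sh
# Added example, not part of HEAT: check that every service handed to the
# honeypot through inetd.conf resolves to a port in the services file.
# inetd looks the port up by name at start-up, so a name missing from
# /etc/services means that emulated listener silently never binds.
# The handler path /usr/local/heat/emulate.pl is a hypothetical placeholder.

# check_inetd_services INETD_CONF SERVICES_FILE
# Prints "name port/proto server" per entry; returns 1 if any lookup fails.
check_inetd_services() {
    inetd_conf=$1; services=$2; rc=0
    # inetd.conf fields: name socktype proto wait user server [args]
    while read -r name socktype proto waitflag user server args; do
        case $name in ''|\#*) continue ;; esac   # skip blank and comment lines
        port=$(awk -v n="$name" -v p="$proto" \
            '{ split($2, a, "/") } $1 == n && a[2] == p { print a[1]; exit }' "$services")
        if [ -z "$port" ]; then
            echo "MISSING: $name/$proto has no entry in $services" >&2
            rc=1
            continue
        fi
        # an emulated service should never run with root privileges
        [ "$user" = root ] && echo "WARNING: $name handler runs as root" >&2
        printf '%s %s/%s %s\n' "$name" "$port" "$proto" "$server"
    done < "$inetd_conf"
    return $rc
}

# Constructed sample files mirroring the services HEAT emulates
INETD_SAMPLE=$(mktemp); SERVICES_OK=$(mktemp); SERVICES_BAD=$(mktemp)
cat > "$INETD_SAMPLE" <<'EOF'
# constructed inetd.conf excerpt (hypothetical handler path)
ftp   stream tcp nowait nobody /usr/local/heat/emulate.pl emulate.pl ftp
smtp  stream tcp nowait nobody /usr/local/heat/emulate.pl emulate.pl smtp
ssh   stream tcp nowait nobody /usr/local/heat/emulate.pl emulate.pl ssh
EOF
printf 'ftp\t21/tcp\nssh\t22/tcp\nsmtp\t25/tcp\tmail\n' > "$SERVICES_OK"
printf 'ftp\t21/tcp\nsmtp\t25/tcp\tmail\n' > "$SERVICES_BAD"   # ssh missing

check_inetd_services "$INETD_SAMPLE" "$SERVICES_OK"
check_inetd_services "$INETD_SAMPLE" "$SERVICES_BAD" || echo "config incomplete (exit $?)"
```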
Emulated services
FTP server
- Version wu-2.6.0(1)
- BSDI Version 7.00LS
- PFTP 0.13
- FTPd Server
- Microsoft FTP Service (Version 4.0 /5.0)
SMTP Service
- Sendmail 8.9.3/8.9.3/Debian
- Microsoft Exchange Mail Service
Shell access
- SSH version 1 and 2