Developments of the Honeyd Virtual Honeypot


Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.

Honeyd is open source software released under GNU General Public License. Even though Honeyd is used commercially by many companies, it is being developed in my spare time without any financial support. Nontheless, I always appreciate a reduction of my wishlists, if you feel so inclined. The README in Honeyd’s source distribution and the acknowledgments page lists a number of people who have contributed code and ideas.

Current Status

Honeyd is maintained and developed by Niels ProvosHoneyd 1.5c has been released on 2007-05-27 and the next version is currently being developed.

Virtual Honeypots Book

The Virtual Honeypots book is finally published. It contains two chapters on Honeyd with a lot of information not previously available. It also talks about other intersting topics such as detecting honeypots, botnet tracking, client honeypots, etc. I very much hope that you are all going to like it.

Here is what Lance Spitzner, the founder of the Honeynet Project, has to say: “Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need.”

Reporting Bugs and Source Code

Bugs can be reported via Google Code. Honeyd source code can be accessed via subversion.

Or visit PHP wonder land.