Introduction Of Honeypot Study Material Notes in Cyber Security


Introduction Of Honeypot Study Material Notes in Cyber Security: In this cyberpoint9 tutorial we describe the concept of wireless security and its policies and protocols in ethical hacking and cyber programming, and how we can use a wireless security system for our safety. This is a free ethical hacking tutorial course for beginners, covering why we use wireless security protocols in information security to make daily life more interactive and secure. Best online tutorial for ethical hacking. Learning anything becomes easier when a tutorial or study material teaches it through examples. Here we have tried to describe each concept, and the need for wireless security, ethical hacking and cyber security, in the style of the best short Hindi tutorials, using the simplest possible examples. The examples are simple enough that even a beginner who has never heard of hacking or cyber law can understand what the wireless security standards are and how ethical hacking works in today's technical field. This tutorial/study material is beneficial for beginners as well as professionals. The Complete Ethical Hacking Course: Beginner to Advanced for Everyone!

Introduction to IDS | IPS | Honeypots
Network Security With Snort
Log Analysis
Honeypots and Attack Analysis

UTM stands for Unified Threat Management System. It is a promising technology that combines firewalls, antivirus, IDS, IPS, web security, wireless security, service enumeration, etc.

E.g. Sophos UTM 9.

IDS –> Intrusion Detection System | Services
It is the service that helps detect any kind of intrusion or malicious activity by an attacker in the network.
IPS –> Intrusion Prevention System | Services
Once an intrusion is detected, the prevention phase begins. In this phase, the application or software tells you the ways in which you can prevent your system from being intruded upon or compromised.

IDS and IPS are known as the antivirus of the network –> they work at the network level.

They work on the contents of the packets transmitted over the network:
Destination Port
Source Port
Source IP Address
Destination IP Address

SNORT –> It is considered to be the world's best IDS and IPS, used by corporates.
It works on the basis of rules applied to the data and the packets.

For Installing SNORT
#apt-get install snort
For Checking the SNORT Version
#snort -V
For Starting SNORT

Rule Files
/etc/snort/rules –> where all of Snort's rules are located.


alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER null request"; flow:to_server,established; content:"|00|"; reference:arachnids,377; classtype:attempted-recon; sid:324; rev:5;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP MDTM overflow attempt"; flow:to_server,established; content:"MDTM"; nocase; isdataat:100,relative; pcre:"/^MDTM\s[^\n]{100}/smi"; reference:bugtraq,9751; reference:cve,2001-1021; reference:cve,2004-0330; reference:nessus,12080; classtype:attempted-admin; sid:2546; rev:5;)

Format For Creating Snort Rules
Basic Rule Syntax
Action Protocol SourceIPAddress SourcePortNumber DirectionOfFlow DestinationIPAddress DestinationPortNumber (Body;)

alert tcp any any -> any any (msg:"Sample Alert"; sid:1000001; rev:1;)

The Rule Header
Action (log, alert)
Protocol (TCP, UDP, IP, ICMP, any)
Source IP Address –> Where the data originates
Source Port Number –> Port number of the source device
Direction Operator –> ("->" – unidirectional, "<>" – bidirectional)
Destination IP Address –> The IP address to which the data is going
Destination Port Number –> The port to which the session is being created

Source and destination IP addresses can be variables
1. $EXTERNAL_NET –> Any external IP address, outside the organisation.
2. $HOME_NET –> Any IP address inside the organisation, i.e. the intranet.

Source IP Address
1. If I want to make it specific –> instead of any, I give an IP address (192.0.2.10 below is a placeholder address)
alert ip 192.0.2.10 any -> $HOME_NET any (msg:"Vallari Mittal Is Again Attacking"; sid:1000002; rev:1;)

2. If I want the source IP address to be the intranet
alert ip $HOME_NET any -> any any (body;)

3. If I want the source IP address to be the Internet
alert ip $EXTERNAL_NET any -> any any (body;)

The same goes for the destination IP address.

A bidirectional rule with a content match (PATTERN is a placeholder for the bytes to match):
alert ip any any <> any any (content:"PATTERN"; msg:"Imma Watson is attacking"; sid:1000003; rev:1;)

alert tcp any 22 <> any 22 (msg:"kiki ka ssh"; sid:1000004; rev:1;)

We will create these rules and save them in /etc/snort/rules.
imma.rules –> rule file
But we have not implemented those rules yet.
To implement them, we need to edit Snort's configuration file.
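Before a hand-written file such as imma.rules is saved into /etc/snort/rules, a quick lint of the seven header fields and the option list catches the usual slips (a missing field, curly quotes from copy and paste, an unterminated option, no sid). This is an added example, not code from the original tutorial or from the Snort project; lint_rule, split_options and the sample constants are hypothetical names, and the accepted actions and protocols are assumed from Snort 2.x.

```python
import re

# Header vocabulary assumed from Snort 2.x; adjust for other versions.
ALLOWED = {"action": {"alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop"},
           "protocol": {"tcp", "udp", "icmp", "ip"}, "direction": {"->", "<>"}}
FIELDS = ("action", "protocol", "src_ip", "src_port", "direction", "dst_ip", "dst_port")
RULE_RE = re.compile(r"^\s*(?P<header>[^()]*?)\s*\((?P<body>.*)\)\s*$", re.S)
# Constructed samples: a shortened rule from the page and one with typical slips.
SAMPLE_OK = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER null request"; '
             'content:"|00|"; sid:324; rev:5;)')
SAMPLE_BAD = 'alert tcp any 22 <> 22 (msg; kiki ka ssh)'

def split_options(body):
    """Split the body on ';' outside double quotes; return (options, leftover)."""
    opts, cur, quoted, prev = [], [], False, ""
    for ch in body:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        prev = ch
    return [o for o in opts if o], "".join(cur).strip()

def lint_rule(rule):
    """Return (header, options, problems) for a single rule line."""
    problems = []
    if "\u201c" in rule or "\u201d" in rule:
        problems.append("curly quotes: retype as plain double quotes")
    m = RULE_RE.match(rule)
    if not m:
        return {}, {}, problems + ["no '(options)' body found"]
    parts = m.group("header").split()
    header = dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else {}
    if not header:
        problems.append(f"header has {len(parts)} fields, expected {len(FIELDS)}")
    for field, ok in ALLOWED.items():
        if header and header[field] not in ok:
            problems.append(f"{field} {header[field]!r} not in {sorted(ok)}")
    opts, leftover = split_options(m.group("body"))
    if leftover:
        problems.append(f"option not terminated with ';': {leftover!r}")
    # Repeated keys (e.g. reference) keep only the last value.
    options = dict((k.strip(), v.strip().strip('"')) for k, _, v in (o.partition(":") for o in opts))
    if not options.get("sid", "").isdigit():
        problems.append("missing numeric sid")
    return header, options, problems
```

An empty problems list means only that the line is structurally sound; Snort's own parser remains the final check.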

Types Of Rule Options
There are 5 types of rule Options
1. Metadata
2. Payload Data
3. Non Payload Data
4. Post Detection
5. Thresholding and suppression

A honeypot is a system designed to appear vulnerable to attackers. The goal of a honeypot is to log all of the attacker's activity in order to study their behaviour, log their IP addresses, track their locations and collect data about 0-day exploits. A honeypot is essentially a server that offers all kinds of services to attackers, from ssh to telnet, exposing various well-known exploitable ports.

Pentbox –> Honeypot for Linux/Unix-based OS.
Download .tar.gz file from
Open the terminal
#cd Downloads
#tar vzxf Filename.tar.gz
#cd pentbox-1.0

Log Analysis
Syntax of Log Of A Server

IP Address | Remote Log Name | Authentication Type | TimeStamp | Access Request | Response Code | Data Transfer (Bytes) | Referrer URL | User Agent

IP Address –> IP Address of the visitor
Remote Log Name –> Identity Check for browser ‘-‘

Authentication –> 1. Basic Authentication
2. Integrated Authentication
3. Form Based Authentication
4. Digest Authentication

Response Code –> 5 types of response codes
1xx –> Informational resource
2xx –> Successful redirection
3xx –> Redirection
4xx –> Client Side error
5xx –> Server Side error
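The field layout above, put to work on a few log lines: the parser below splits each line into the listed fields, buckets the response code by its first digit, and flags visitors that pile up 4xx responses, which is how path probing usually shows in an access log. This is an added example, not part of the original tutorial; it assumes the Apache "combined" log format (which matches the field order listed), and parse_line, summarize, the threshold and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# One "combined" format line, in the field order listed above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<logname>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<user_agent>[^"]*)"$')

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:01:05 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:01:06 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:01:07 +0000] "GET /backup.zip HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.7 - alice [12/Mar/2024:10:02:00 +0000] "POST /login HTTP/1.1" 302 - "http://example.test/" "Mozilla/5.0"
this line is truncated garbage
"""


def parse_line(line):
    """Return a dict of the log fields, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    rec["status_class"] = f"{rec['status'] // 100}xx"  # e.g. 404 -> "4xx"
    return rec


def summarize(text, threshold=3):
    """Count response classes per visitor IP and list IPs with many 4xx hits."""
    per_ip, unparsed = defaultdict(Counter), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep a count: malformed lines deserve a look too
            continue
        per_ip[rec["ip"]][rec["status_class"]] += 1
    noisy = sorted(ip for ip, c in per_ip.items() if c["4xx"] >= threshold)
    return per_ip, noisy, unparsed
```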

3 comments on “Introduction Of Honeypot Study Material Notes in Cyber Security”
  1. I really appreciate this post. I have been looking all over for this! Thank goodness I found it on Bing. You have made my day! Thx again

  2. Hey There. I discovered your weblog the use of msn. That is a very neatly written article. I’ll make sure to bookmark it and return to read extra of your helpful information. Thanks for the post. I will certainly return.

  3. In fact no matter if someone doesn’t be aware of then it's up to other viewers that they will assist, so here it takes place.
