HoneySink

From aldeid
DRAFT
This page is still a draft. Thank you for your understanding.

Description

HoneySink (sinkhole) is a program designed to emulate existing services such as DNS, FTP, HTTP, and IRC. Its purpose is only to log relevant parts of these protocols to aid administrators in analyzing network-based attacks. This sinkhole is capable of supporting multiple different protocols at once, and allows virtual servers by grouping clients into classes based on IP.

Installation

Prerequisites

$ sudo apt-get install autoconf

Sinkhole

$ cd /data/src/
$ wget http://redmine.honeynet.org/attachments/download/6/honeynet-sinkhole-0.9.2-9-31af032.tar.gz
$ tar xzvf honeynet-sinkhole-0.9.2-9-31af032.tar.gz
$ cd honeynet-sinkhole-0.9.2-9-31af032/
$ ./configure
$ make
$ sudo make install

Configuration

Once installed, an example configuration file (sinkhole.conf.example) is created in /usr/local/etc/.

Copy it to create a configuration file that you can then modify:

$ cd /usr/local/etc/
$ sudo cp sinkhole.conf.example sinkhole.conf

Usage

Options

--config <filename>
    Use filename as the configuration file
--debug
    Enable debug mode
--help
    Shows this help
--nofork
    Don't daemonize
--version
    Print version and exit

Start sinkhole

3 bugs have been identified (waiting for a patch):