Honeyd - A Virtual Honeypot Daemon

Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines, they can provide early warning of and response to new attacks and they allow in-depth examination of adversaries during and after exploitation of a honeypot. However, deploying physical honeypots is often time intensive and expensive as different operating systems require specialized hardware and every honeypot requires its own physical system.

This WIP presents recent improvements to Honeyd, a framework for virtual honeypots, that simulates virtual computer systems at the network level. To fool network fingerprinting tools, Honeyd simulates the networking stack of different operating systems and can provide arbitrary routing topologies and services for an arbitrary number of virtual systems. The Honeyd framework can help in many areas of system security; examples range from detecting worms and distracting adversaries to preventing the spread of spam email.