Ex.

No : 03
Date :

SETUP A HONEY POT AND MONITOR THE HONEYPOT ON

NETWORK (KF SENSOR)

Aim
To setup a honey pot and monitor the honey pot on network using KF Sensor.

Theory
Honey Pot is a device placed on Computer Network specifically designed to capture
malicious network traffic.
KF Sensor is the tool to setup as honeypot when KF Sensor is running it places a siren
icon in the windows system tray in the bottom right of the screen. If there are no alerts then green
icon is displayed.
Installation
Step 1: Download the KF Sensor Evaluation Setup File from KF Sensor Website.
Step 2: Install with License Agreement and appropriate directory path.
Step 3: Reboot the Computer now.
Step 4: The KF Sensor automatically starts during windows boot Click Next to setup wizard.
Step 5: Select all port classes to include and Click Next.
Step 6: Send the email and Send from email enter the ID and Click Next.
Step 7: Select the options such as Denial of Service [DOS], Port Activity, Proxy Emulsion,
Network Port Analyzer, and Click Next.
Step 8: Select Install as System service and Click Next.
Step 9: Click finish
KFSensor

Windows based honeypot known as KF Sensor

It detects an incoming attack or port scanning and reports it to you

A machine running KFSensor can be treated as just another server on the network,
without the need to make complex changes to routers and firewalls.

How KFSensor Works?

KFSensor is an Intrusion Detection System.

It performs by opening ports on the machine it is installed on and waiting for connections
to be made to those ports.
1 A.Aruna, Assistant Professor, Department of Information Technology, SNSCE

By doing this it sets up a target, or a honeypot server, that will record the actions of a
hacker.

Components
KFSensor server

KFSensor Server- Performs core functionality

It listens to both TCP and UDP ports on the server machine and interacts with visitors and
generates events

A daemon that runs at the background (like Unix daemon)

KFSensor Monitor

Interprets all the data and alerts captured by server in graphical form.

Using it you can configure the KFSensor Server and monitor the events generated by the
KFSensor Server.

Sim Server

Sim server is short for simulated server.

It is a definition of how KFSensor should emulate real server software.

There is no limit to the number of Sim Servers that can be defined.

There are two types of Sim Server available; the Sim Banner and the Sim Standard
Server.

Setting up a HoneyPot

You can get educational License from Keyfocus.

Install WinPCap
o A industry standard network packet capturing library

Install KFSensor

Result
Thus the Digital signature program has been developed using java and output is obtained.

2 A.Aruna, Assistant Professor, Department of Information Technology, SNSCE

3 A.Aruna, Assistant Professor, Department of Information Technology, SNSCE