Implementing a wireless honeypot using honeyd

Phillip Pudney 2006

Honeypots are a powerful, new type of security technology. Unlike traditional security tools, Honeypots are designed to be probed and attacked. They are systems that appear to be an interesting target to hackers, fooling them into thinking that they are attacking a real system.

Where an intrusion detection system detects attacks by comparing them to a set of predefined rules, honeypots do not rely on known attack signatures. Instead, since they have no business function and contain no data of value, any connection attempts to a honeypot are almost certainly the result of a probe or attack. Accordingly, they are ideal for researching the activities of attackers and detecting previously unknown attacks that do not yet have signatures generated for them.

This talk introduces the concept of honeypot technology and shows how to implement a wireless honeypot using Honeyd, an open-source honeypot. The required software and hardware will be discussed. To demonstrate what can be done with a wireless honeypot, the results of a unique study conducted by the author will be presented which demonstrate the threat posed by insecure wireless networks.

About Phillip Pudney

Phillip Pudney is an information security consultant with CQR Consulting, a “born global” but wholly Australian-owned provider of independent information security services. Phillip specialises in wireless network security and technical vulnerability assessments, and has over 8 years experience in information technology with 3 years focussed on security.

Prior to joining CQR Consulting, Phillip carried out state of the art research in wireless network security at the University of South Australia's Advanced Computing Research Centre. He regularly presents on information security topics at conferences throughout Australia.