Network vulnerability-assessment vendor NetVigilance is offering a free tool called WinHoneyd as a low-interaction honeypot that can mimic aspects of a Windows-based network to be used as an attack decoy.
The intent of the WinHoneyd honeypot, says NetVigilance CEO Jesper Jurcenoks, is to emulate the real corporate network, either at the Internet edge or deep inside the LAN, by means of a honeypot so the impact of attacks can be better understood.
“As soon as you have a guy probing your fake server, you can use this information to create better countermeasures,” said Jurcenoks. “The honeypot can be a way to learn about new attacks.”
He said Winhoneyd is a simple command-line tool that can emulate thousands of different Windows-based desktops and servers, and users can optionally add information by proxy or otherwise to give the look of a real corporate computer.
“But a really good manual attacker would probably recognize it’s not a real SQL Server, for example,” Jurcenoks acknowledged. But WinHoneyd would attract automated attacks and that could give users a chance to examine the impact of a wide variety of automated assaults on the emulated honeypot network.
NetVigilance intends to develop a commercial honeypot with a full graphical user interface. That commercial product is expected to be available later in the year and will probably cost under $250.
The free WinHoneyD software can be found here.