A honeyport is essentially a simpler version of a honeypot. Whereas honeypots aim to simulate an application or protocol for the attacker to play around with, all the honeyport looks for is a connection from an external party, after which a specific action is performed (usually blacklisting them). It is usually only targeted attackers who will connect to more unusual ports in order to determine what services are running on those ports. Honeyport scripts are available in both Linux and Python. http://www.securitygeneration.com/security/linux-bash-ncat-honeyport-script-with-iptables-and-dome9-support/ http://www.securitygeneration.com/security/honeyport-python-script-with-local-firewall-and-dome9-support/
FEATURES
SIMILAR TOOLS
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
Snort is an open source intrusion prevention system that uses rules to detect and prevent malicious network activity.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
Tor Browser is a free and open-source software that allows users to browse the internet anonymously and privately.