Archive for the ‘Tools’ Category


VoIP Honey, a honeypot for VoIP

Saturday, June 26th, 2010notice

The guys at Bytecoders have released VoIP Honey, a comprehensible honeypot for VoIP (Voice over IP) networks. VoIP Honey provides a set of tools for building an entire honeynet, thus includes honeywall and honeypot emulating VoIP environments such as Asterisk PBX or OpenSer with fully configurable connections.


To facilitate the work VoIP Honey includes a very nice bash-like command line interface based on ncurses, with history and auto-complete features. Also offers comprehensive well-structured and full configurable debug information.

As the authors say the VoIP Honey project is in a very basic early stage and it is only recommend to use it for testing in a strictly controlled network environments without direct Internet connection (in example Virtual Machines).

Photo by kozumel


Honeywall scripts

Sunday, July 11th, 2004

The scripts below have been written to make easier the management of the most common tools used in a Honeywall. The logging directories and log file name formats used are similar to the ones used by the Honeywall CDROM tool to preserve compatibility. These scripts are also included in the paper “Building a GenII Honeynet Gateway”.

honeywall.conf: The main configuration file. It is an improved version of honeywall.conf config file included in the Honeywall CDROM by The Honeynet Project. It has two new options: LAN_BLOCK and LAN_ALLOWDED_IP. We suggested this new functionality to the Alliance who integrated it into Roo as whitelisting and blacklisting.

rc.firewall: Script for loading iptables firewall. It is an improved version of the rc.firewall script v0.8 found in Honeywall CDROM that supports the new LAN_BLOCK option. On the other hand, the handlers’ section has been simplified. Script for managing snort NIDS (config file not provided). Script for managing snort-inline (config file not provided). Script for recording network traffic in binary format using snort in logging mode. Script for recording network traffic in binary format using tcpdump. Script for managing Swatch, used to provide basic alerting capabilites.

swatch.conf: Swatch elemental configuration file.