Honeypot

The two honeyspots I chose are; HoneyD and Glasstopf. HoneyD is free open source software released under General Public License. Honeyd wasn't the first honeypot, but it quickly became the most accessible and flexible, the first fully formed honeypot for the masses. Glasstopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: Reply the correct response to the attacker exploiting the web application.

The benefits of using HoneyD are that It listens for traffic aimed at an address arpd has captured, interacting with it as if it were a real host. ICMP, TCP and UDP traffic is handled within the honeyd application, so there's no stress on the underlying system's real IP stack. Honeyd "understands" ICMP messages and will reply to them appropriately, which makes for lots of fun. And last but not least honeyd has the ability to spoof Nmap and other stack-fingerprinting scan tools. Unlike other low interaction honeypots, Honeyd can also handle several different operating systems at the same time. There are two other major advantages to use Honeyd. First of all, it can capture the connection on any port. This utility makes detection of the network traffic easier and better. Second advantage of it is that being able to change services. Glasstopf is considered a web application honeypot that is capable of emulating thousands of vulnerabilities in order to gather data from attacks that target web applications. The uses of Glastopf are considered to be different than other honeypots that are available.

http://glastopf.org/index.php

http://www.honeyd.org/