In-depth Guide to Setting up a Honeypot with Modern Honey Network (MHN) - CrawlFence Blog

Published in Technology | 03 Oct 2024

Introduction

In this tutorial, we will set up a honeypot network using Modern Honey Network (MHN), a powerful toolset for deploying honeypots. Honeypots are systems designed to distract attackers from your actual IT assets, help you gain insights about attack techniques, and enhance overall network security. Understanding how to set up and analyze honeypots aids security professionals in developing proactive defense strategies.

Step 1: MHN Server Installation

Start by deploying an Ubuntu 18.04 server for hosting MHN. After updating the server packages, download the MHN installation script from GitHub and run it using the following commands:

sudo apt update -y && sudo apt upgrade -y
cd /opt/
sudo git clone https://github.com/threatstream/mhn.git
cd mhn/
sudo ./install.sh

After the installation completes, open your server's IP address in a browser and finish the setup by creating an account.

Step 2: Honeypot Deployment

Under the 'Deploy' section, select a script for the type of honeypot you wish to deploy, such as Dionaea or Cowrie. Copy the script, deploy a new server, then run it. This server will act as your honeypot and automatically connect to your MHN server, reporting all interactions with attackers.

Step 3: Intrusion Analysis

Look out for intrusion attempts on your MHN dashboard. This interface displays real-time attack data, including source IP addresses, ports targeted, protocols used, and payloads delivered. Use this information to understand common attack vectors and tailor your defense strategy accordingly.

Step 4: Data Export

MHN can export attack data in formats such as JSON and CSV, or send it to a syslog server. Use this for further analysis or integration with your SIEM tool.
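
An added example, not part of the original post or of MHN itself: a short Python script that triages a JSON-lines export before it goes to a SIEM, ranking sources and ports and flagging sources that touched several distinct ports. The sample records and the field names (source_ip, destination_port, honeypot) are constructed assumptions; map them to whatever your export actually contains.

```python
import json
from collections import Counter, defaultdict

# Constructed sample export, one JSON object per line. Field names
# (source_ip, destination_port, protocol, honeypot) are assumptions;
# rename them to match the export you actually get from MHN.
SAMPLE_EXPORT = """\
{"source_ip": "203.0.113.7", "destination_port": 22, "protocol": "ssh", "honeypot": "cowrie"}
{"source_ip": "203.0.113.7", "destination_port": 22, "protocol": "ssh", "honeypot": "cowrie"}
{"source_ip": "203.0.113.7", "destination_port": 445, "protocol": "smbd", "honeypot": "dionaea"}
{"source_ip": "198.51.100.23", "destination_port": 445, "protocol": "smbd", "honeypot": "dionaea"}
{"source_ip": "203.0.113.7", "destination_port": 3306, "protocol": "mysqld", "honeypot": "dionaea"}
not-json garbage line from a truncated export
{"source_ip": "192.0.2.50", "destination_port": 22, "protocol": "ssh"}
"""


def parse_events(text):
    """Return (events, skipped): normalized records and the count of unusable lines."""
    events, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            raw = json.loads(line)
            events.append({"source_ip": str(raw["source_ip"]),
                           "port": int(raw["destination_port"]),
                           "honeypot": str(raw.get("honeypot", "unknown"))})
        except (ValueError, KeyError, TypeError):  # bad JSON, missing or malformed field
            skipped += 1
    return events, skipped


def summarize(events, multi_port_threshold=3):
    """Rank sources and ports, and flag sources that probed many distinct ports."""
    ports_per_source = defaultdict(set)
    for e in events:
        ports_per_source[e["source_ip"]].add(e["port"])
    return {
        "top_sources": Counter(e["source_ip"] for e in events).most_common(5),
        "top_ports": Counter(e["port"] for e in events).most_common(5),
        "by_honeypot": dict(Counter(e["honeypot"] for e in events)),
        "multi_port_sources": sorted(ip for ip, ports in ports_per_source.items()
                                     if len(ports) >= multi_port_threshold),
    }


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_EXPORT)
    print(f"{len(events)} events parsed, {skipped} lines skipped")
    print(json.dumps(summarize(events), indent=2))
```

Track the skipped-line count over time: a sudden rise usually means the export was truncated or its format changed, not that attack traffic dropped.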

Common Troubleshooting Tips

If you run into problems with MHN, check that the honeypot servers can communicate with the MHN server and that no firewall rules block the required ports. Also make sure each server has adequate resources for the chosen honeypot: heavy honeypots require more CPU and RAM than low-interaction honeypots.

Real-World Application

Honeypots are an active defense strategy widely used by security professionals. They are used in threat hunting, network defense, and IT management to gain insight into potential attack vectors and to stage incidents for proactive response.