A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned.

Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris.

Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues.

A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data.

A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.

Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network.

This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks.

This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network.

A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992.

Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker.

Provides visualization of hack attempts against a honeypot server. Reports include attack intensity over time and attack types. Based on IDS data produced by snort.

Incident analysis for a compromised default honeypot installation of RedHat Linux 6.2. Includes design, configuration and log details for the compromised machine.

Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics.

An article about how to use VMware to produce honeypots to catch system intruders.

Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot.

This paper evaluates the usefulness of using honeypots to fight spammers.

Web page summarizing different commercial and freeware honeypots.

Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2.

A program that creates a tarpit or, as some have called it, a "sticky honeypot".

This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms.

Article discussing the creation of the Honeynet Project.

A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data.

An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer.

Article discussing the use of honeypot technology to combat attacks on wireless networks.

The goal of this project is to organize dispersed honeypots across the Internet and share findings with the security community.

Directory of articles, white papers, and documents on honeypots and other security topics.

Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot.

An Active Server Pages (ASP) compliant web server honey pot, that detects common attacks against web servers and logs the requests in a real-time viewer . It can recognize Buffer Overflows , Denial of Service attacks, Directory Transversal attacks, SQL Injection attacks , XSS attacks , Session hijacking attacks.

HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs.

SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures).

Connection Redirection Applied to Production Honeypot.

The Florida Honeynet Project is a not for profit, all volunteer organization dedicated to honeynet research.

Manufacturer of the PatriotBox HoneyPot server.

Information on deploying a Virtual Honeynet based on Honeywall using VMware.

A honeynet gateway on a bootable CDROM.

An Introduction to second generation honeynets (honeywalls).

A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites.

Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments (pre-release version available).

WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot.

A collection of programs to deploy, run and analyse network and host simulations in IP networks.

Article discussing methods hackers use to detect honeypots.

Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies.

A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics.

Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots.

This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments.

This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips.

A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites.

Honeyd configuration wizard, a SQL Interface, and reports.

LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper)

A honeypot system and "Honeypot Exchange Program."

Index of over 75 papers on Honeypots.

A system for automated generation of signatures for network intrusion detection systems (NIDSs).

Low-interaction honeypot appliance.

A ready-to-run SMTP relay honeypot, written in pure Java.

GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine.

Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them.

Wikisecure's honeyd page that describes the basic functionality and operation with self-explanatory examples.

This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.

A simple honey pot program based on iptables redirects and an xinetd listener.

Tracking Botnets with help of Honeynets.

Article discussing how Microsoft have developed a series of Windows XP clients, dubbed "honeymonkeys", that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users.

A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware.

A tool for semi-automatically creating emulators of network server applications.

A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans.

Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.

An introduction to honeypots, the different types, and their value.

White papers, mailing list and other resources related to honeypots.

The Philippine Honeynet Project is a non-profit, all volunteer group dedicated to honeynet and security research.

A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms.