Honeyd, the brainchild of Niels Provos, is free open source software released under GNU General Public License. The first major release, 0.5, arrived in 2003, and the latest version I could track down, 1.5c, was released in 2007. Honeyd wasn't the first honeypot, but it quickly became the most accessible and flexible -- the first fully formed honeypot for the masses. For many years, Provos worked to update his honeypot, wrote a book on it ("Virtual Honeypots: From Botnet Tracking to Intrusion Detection"), and gained wide participation from the open source community in developing add-ons and scripts.
There have even been a few Windows ports of the Linux-based program over the years. Unfortunately, like most honeypot projects and Honeyd itself, they appear neglected. The Windows ports are mostly unusable, not working at all on any of Microsoft's latest operating systems.
Nonetheless, after writing my own book on honeypots, I still get more questions about Honeyd than any other honeypot I covered. Mostly that is due to the supreme difficulty in getting Honeyd installed and configured, thanks in part to Honeyd's extreme flexibility. First-time users often spend days to get it working, searching all over the Internet for help to solve arcane issues. Most users simply give up without success.
Linux versions of Honeyd can be downloaded from www.honeyd.org (the official website), although first-time installers will usually have to download and install one or more dependent packages first, such as libpcap, bison, or flex, with each component requiring the familiar
./configure, make, make install installation routine. It's easier if you have an open source OS that supports the
apt-get install honeyd feature.
To continue reading this article register now