KFSensor: Sweet Windows honeypot

Longtime best-of-breed intrusion detection solution remains feature-rich, easy to use, and actively maintained

I've been a huge fan of KFSensor for many years. It has been at the top of the honeypot class for nearly a decade, and I was eager to see how it stacked up against improving competition, notably HoneyPoint Security Server, as well as the free, open source Honeyd.

Unlike most honeypot solutions, which eventually become neglected, KFSensor has been maintained and updated by creator Tom Wright since it was launched in 2003. It has long been the easiest honeypot program to install, with the most elegant and fuss-free GUI, and its feature set established the gold standard that other honeypot programs had to match. KFSensor is still the gold standard.

I reviewed the latest version, KFSensor Professional 4.7.0. Installation was as simple as downloading the install file, executing, and choosing Next, Next, Next. The installation routine even prompts you to accept or download WinPcap, which allows KFSensor to capture and display attacks with packet-level detail. KFSensor is a Windows-only program.

There are three main KFSensor versions: Standard, Professional, and Enterprise. You can compare features of the different KFSensor versions at the KeyFocus website. The Enterprise version includes a centralized management console and other features that make it easier to manage multiple honeypots across a larger enterprise. You can download a free trial version of KFSensor Professional. All versions can be installed as a user-mode program or system service.

KFSensor ports and services
KFSensor is formed around the concept of "scenarios," or listening port collections. You can define one or more scenarios to listen on one or more ports and services. For example, you could create a scenario to listen on all TCP and UDP ports (and ICMP traffic), maximizing the potential to detect remote probes. Another scenario might simulate a MySQL database server or IIS Web server. Administrators can easily define scenarios and quickly switch between them, although only one scenario per sensor can be active at a time.

Test Center Scorecard

Criterion weights: 35%, 25%, 20%, 20%
KeyFocus KFSensor 4.7.0: 10, 7, 9, 9
Overall score: 8.9 (Very Good)
